Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kxmlgui-5.74.0/autotests/kmainwindow_unittest.h
Examining data/kxmlgui-5.74.0/autotests/testxmlguiwindow.h
Examining data/kxmlgui-5.74.0/autotests/testguiclient.h
Examining data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp
Examining data/kxmlgui-5.74.0/autotests/kmainwindow_unittest.cpp
Examining data/kxmlgui-5.74.0/autotests/kactioncategorytest.h
Examining data/kxmlgui-5.74.0/autotests/kactioncollectiontest.h
Examining data/kxmlgui-5.74.0/autotests/kactioncategorytest.cpp
Examining data/kxmlgui-5.74.0/autotests/ktoolbar_unittest.cpp
Examining data/kxmlgui-5.74.0/autotests/kactioncollectiontest.cpp
Examining data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.h
Examining data/kxmlgui-5.74.0/tests/kxmlguiwindowtest.cpp
Examining data/kxmlgui-5.74.0/tests/kxmlguitest.h
Examining data/kxmlgui-5.74.0/tests/krulertest.h
Examining data/kxmlgui-5.74.0/tests/kbugreporttest.cpp
Examining data/kxmlgui-5.74.0/tests/ktoolbartest.cpp
Examining data/kxmlgui-5.74.0/tests/krulertest.cpp
Examining data/kxmlgui-5.74.0/tests/kmainwindowrestoretest.h
Examining data/kxmlgui-5.74.0/tests/kmainwindowtest.h
Examining data/kxmlgui-5.74.0/tests/kmainwindowrestoretest.cpp
Examining data/kxmlgui-5.74.0/tests/kwindowtest.h
Examining data/kxmlgui-5.74.0/tests/kwindowtest.cpp
Examining data/kxmlgui-5.74.0/tests/krichtexteditor/krichtexteditor.h
Examining data/kxmlgui-5.74.0/tests/krichtexteditor/main.cpp
Examining data/kxmlgui-5.74.0/tests/krichtexteditor/krichtexteditor.cpp
Examining data/kxmlgui-5.74.0/tests/kmainwindowtest.cpp
Examining data/kxmlgui-5.74.0/tests/kxmlguitest.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutwidget.h
Examining data/kxmlgui-5.74.0/src/kxmlguiversionhandler_p.h
Examining data/kxmlgui-5.74.0/src/kshortcutseditor.cpp
Examining data/kxmlgui-5.74.0/src/ktoggletoolbaraction.h
Examining data/kxmlgui-5.74.0/src/kxmlguiclient.cpp
Examining data/kxmlgui-5.74.0/src/khelpmenu.cpp
Examining data/kxmlgui-5.74.0/src/kaboutapplicationdialog.h
Examining data/kxmlgui-5.74.0/src/kaboutkdedialog_p.cpp
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonlistdelegate_p.h
Examining data/kxmlgui-5.74.0/src/kxmlguiclient.h
Examining data/kxmlgui-5.74.0/src/khelpmenu.h
Examining data/kxmlgui-5.74.0/src/ktoolbarhelper.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutschemeseditor.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutseditoritem.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguiversionhandler.cpp
Examining data/kxmlgui-5.74.0/src/kcheckaccelerators.h
Examining data/kxmlgui-5.74.0/src/kswitchlanguagedialog_p.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguiwindow.cpp
Examining data/kxmlgui-5.74.0/src/kmainwindow.h
Examining data/kxmlgui-5.74.0/src/systeminformation_p.h
Examining data/kxmlgui-5.74.0/src/kshortcutsdialog_p.h
Examining data/kxmlgui-5.74.0/src/kshortcutschemeshelper_p.h
Examining data/kxmlgui-5.74.0/src/kactioncollection.cpp
Examining data/kxmlgui-5.74.0/src/kactionconflictdetector.cpp
Examining data/kxmlgui-5.74.0/src/klicensedialog_p.h
Examining data/kxmlgui-5.74.0/src/kaboutplugindialog.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguiwindow.h
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonlistdelegate_p.cpp
Examining data/kxmlgui-5.74.0/src/kmainwindowiface_p.h
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonmodel_p.cpp
Examining data/kxmlgui-5.74.0/src/ktoolbarhelper_p.h
Examining data/kxmlgui-5.74.0/src/kabstractaboutdialog_p.cpp
Examining data/kxmlgui-5.74.0/src/kundoactions.h
Examining data/kxmlgui-5.74.0/src/kswitchlanguagedialog_p.h
Examining data/kxmlgui-5.74.0/src/kkeysequencewidget.h
Examining data/kxmlgui-5.74.0/src/kactioncategory.h
Examining data/kxmlgui-5.74.0/src/kbugreport.h
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonlistview_p.cpp
Examining data/kxmlgui-5.74.0/src/kmainwindow.cpp
Examining data/kxmlgui-5.74.0/src/kedittoolbar_p.h
Examining data/kxmlgui-5.74.0/src/kaboutkdedialog_p.h
Examining data/kxmlgui-5.74.0/src/kxmlguibuilder.h
Examining data/kxmlgui-5.74.0/src/ksendbugmail/smtp.h
Examining data/kxmlgui-5.74.0/src/ksendbugmail/main.cpp
Examining data/kxmlgui-5.74.0/src/ksendbugmail/smtp.cpp
Examining data/kxmlgui-5.74.0/src/ksendbugmail/main.h
Examining data/kxmlgui-5.74.0/src/kmenumenuhandler_p.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguifactory_p.h
Examining data/kxmlgui-5.74.0/src/kundoactions.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguibuilder.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutschemeshelper.cpp
Examining data/kxmlgui-5.74.0/src/kaboutplugindialog.h
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonmodel_p.h
Examining data/kxmlgui-5.74.0/src/kxmlguifactory.h
Examining data/kxmlgui-5.74.0/src/kbugreport.cpp
Examining data/kxmlgui-5.74.0/src/kaboutapplicationpersonlistview_p.h
Examining data/kxmlgui-5.74.0/src/kshortcutsdialog.cpp
Examining data/kxmlgui-5.74.0/src/kactioncollection.h
Examining data/kxmlgui-5.74.0/src/kshortcutseditor.h
Examining data/kxmlgui-5.74.0/src/kmenumenuhandler_p.h
Examining data/kxmlgui-5.74.0/src/kxmlguifactory.cpp
Examining data/kxmlgui-5.74.0/src/kabstractaboutdialog_p.h
Examining data/kxmlgui-5.74.0/src/kedittoolbar.h
Examining data/kxmlgui-5.74.0/src/klicensedialog_p.cpp
Examining data/kxmlgui-5.74.0/src/kedittoolbar.cpp
Examining data/kxmlgui-5.74.0/src/kactioncategory.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutsdialog.h
Examining data/kxmlgui-5.74.0/src/kshortcutwidget.cpp
Examining data/kxmlgui-5.74.0/src/kshortcutseditordelegate.cpp
Examining data/kxmlgui-5.74.0/src/kkeysequencewidget.cpp
Examining data/kxmlgui-5.74.0/src/kshortcuteditwidget.cpp
Examining data/kxmlgui-5.74.0/src/ktoolbarhandler_p.h
Examining data/kxmlgui-5.74.0/src/ktoggletoolbaraction.cpp
Examining data/kxmlgui-5.74.0/src/ktoolbar.h
Examining data/kxmlgui-5.74.0/src/kcheckaccelerators.cpp
Examining data/kxmlgui-5.74.0/src/kmainwindowiface.cpp
Examining data/kxmlgui-5.74.0/src/kkeysequencewidget_p.h
Examining data/kxmlgui-5.74.0/src/ktoolbar.cpp
Examining data/kxmlgui-5.74.0/src/ktoolbarhandler.cpp
Examining data/kxmlgui-5.74.0/src/kxmlguifactory_p.cpp
Examining data/kxmlgui-5.74.0/src/kaboutapplicationdialog.cpp
Examining data/kxmlgui-5.74.0/src/kmainwindow_p.h

FINAL RESULTS:

data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:1070:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const QLocale originalSystemLocale = QLocale::system();
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:1078:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QCOMPARE(QLocale::system().language(), QLocale::Russian);
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:1083:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QCOMPARE(QLocale::system().language(), QLocale::Walloon);
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:1088:23: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QCOMPARE(QLocale::system(), originalSystemLocale);
data/kxmlgui-5.74.0/src/kbugreport.cpp:465:79: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (severity == QLatin1String("i18n") && QLocale().language() != QLocale::system().language()) {
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:146:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(userFile.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:151:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(appFile.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:171:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(userFile.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:187:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY2(fileV2.open(QIODevice::WriteOnly), qPrintable(fileV2.fileName()));
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:192:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV5.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:200:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV1.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:217:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV5.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:231:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV2.open(QIODevice::WriteOnly));
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:237:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV5.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:245:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileV1.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:923:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileOrig.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:929:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(fileReplace.open());
data/kxmlgui-5.74.0/autotests/kxmlgui_unittest.cpp:936:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY2(fileLocal.open(QIODevice::WriteOnly), qPrintable(fileLocal.fileName()));
data/kxmlgui-5.74.0/autotests/testxmlguiwindow.h:29:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(m_userFile.open());
data/kxmlgui-5.74.0/src/ksendbugmail/smtp.h:155:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readBuffer[SMTP_READ_BUFFER_SIZE];
data/kxmlgui-5.74.0/src/kshortcutschemeseditor.cpp:119:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!schemeFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/kxmlgui-5.74.0/src/kshortcutschemeshelper.cpp:91:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!schemeFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/kxmlgui-5.74.0/src/kxmlguifactory.cpp:138:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (xml_file.isEmpty() || !file.open(QIODevice::ReadOnly)) {
data/kxmlgui-5.74.0/src/kxmlguifactory.cpp:160:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (xml_file.isEmpty() || !file.open(QIODevice::WriteOnly)) {
data/kxmlgui-5.74.0/src/kxmlguifactory.cpp:690:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (schemeFile.open(QIODevice::ReadOnly)) {
data/kxmlgui-5.74.0/src/kxmlguiversionhandler.cpp:246:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (f.open(QIODevice::WriteOnly)) {
data/kxmlgui-5.74.0/tests/krichtexteditor/krichtexteditor.cpp:49:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  KStandardAction::open(this, SLOT(openFile()),
data/kxmlgui-5.74.0/tests/krichtexteditor/krichtexteditor.cpp:84:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/kxmlgui-5.74.0/tests/krichtexteditor/krichtexteditor.cpp:120:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kxmlgui-5.74.0/src/ksendbugmail/smtp.cpp:214:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  n = sock->read(readBuffer, SMTP_READ_BUFFER_SIZE - 1);

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 27486 in approximately 0.67 seconds (41127 lines/second)
Physical Source Lines of Code (SLOC) = 17742
Hits@level = [0] 0 [1] 1 [2] 24 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 30 [1+] 30 [2+] 29 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 1.6909 [1+] 1.6909 [2+] 1.63454 [3+] 0.281817 [4+] 0.281817 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.