Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libquazip-0.9.1/quazip/JlCompress.cpp Examining data/libquazip-0.9.1/quazip/JlCompress.h Examining data/libquazip-0.9.1/quazip/ioapi.h Examining data/libquazip-0.9.1/quazip/minizip_crypt.h Examining data/libquazip-0.9.1/quazip/qioapi.cpp Examining data/libquazip-0.9.1/quazip/quaadler32.cpp Examining data/libquazip-0.9.1/quazip/quaadler32.h Examining data/libquazip-0.9.1/quazip/quachecksum32.h Examining data/libquazip-0.9.1/quazip/quacrc32.cpp Examining data/libquazip-0.9.1/quazip/quacrc32.h Examining data/libquazip-0.9.1/quazip/quagzipfile.cpp Examining data/libquazip-0.9.1/quazip/quagzipfile.h Examining data/libquazip-0.9.1/quazip/quaziodevice.cpp Examining data/libquazip-0.9.1/quazip/quaziodevice.h Examining data/libquazip-0.9.1/quazip/quazip.cpp Examining data/libquazip-0.9.1/quazip/quazip.h Examining data/libquazip-0.9.1/quazip/quazip_global.h Examining data/libquazip-0.9.1/quazip/quazipdir.cpp Examining data/libquazip-0.9.1/quazip/quazipdir.h Examining data/libquazip-0.9.1/quazip/quazipfile.cpp Examining data/libquazip-0.9.1/quazip/quazipfile.h Examining data/libquazip-0.9.1/quazip/quazipfileinfo.cpp Examining data/libquazip-0.9.1/quazip/quazipfileinfo.h Examining data/libquazip-0.9.1/quazip/quazipnewinfo.cpp Examining data/libquazip-0.9.1/quazip/quazipnewinfo.h Examining data/libquazip-0.9.1/quazip/unzip.c Examining data/libquazip-0.9.1/quazip/unzip.h Examining data/libquazip-0.9.1/quazip/zip.c Examining data/libquazip-0.9.1/quazip/zip.h Examining data/libquazip-0.9.1/qztest/qztest.cpp Examining data/libquazip-0.9.1/qztest/qztest.h Examining data/libquazip-0.9.1/qztest/testjlcompress.cpp Examining data/libquazip-0.9.1/qztest/testjlcompress.h Examining data/libquazip-0.9.1/qztest/testquachecksum32.cpp Examining data/libquazip-0.9.1/qztest/testquachecksum32.h Examining data/libquazip-0.9.1/qztest/testquagzipfile.cpp Examining data/libquazip-0.9.1/qztest/testquagzipfile.h Examining data/libquazip-0.9.1/qztest/testquaziodevice.cpp Examining data/libquazip-0.9.1/qztest/testquaziodevice.h Examining data/libquazip-0.9.1/qztest/testquazip.cpp Examining data/libquazip-0.9.1/qztest/testquazip.h Examining data/libquazip-0.9.1/qztest/testquazipdir.cpp Examining data/libquazip-0.9.1/qztest/testquazipdir.h Examining data/libquazip-0.9.1/qztest/testquazipfile.cpp Examining data/libquazip-0.9.1/qztest/testquazipfile.h Examining data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp Examining data/libquazip-0.9.1/qztest/testquazipfileinfo.h Examining data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp Examining data/libquazip-0.9.1/qztest/testquazipnewinfo.h FINAL RESULTS: data/libquazip-0.9.1/quazip/minizip_crypt.h:116:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)(time(NULL) ^ ZCR_SEED2)); data/libquazip-0.9.1/quazip/JlCompress.cpp:31:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libquazip-0.9.1/quazip/JlCompress.cpp:55:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!inFile.open(QIODevice::ReadOnly)) return false; data/libquazip-0.9.1/quazip/JlCompress.cpp:59:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileDest, inFile.fileName()))) return false; data/libquazip-0.9.1/quazip/JlCompress.cpp:93:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!dirZipFile.open(QIODevice::WriteOnly, data/libquazip-0.9.1/quazip/JlCompress.cpp:146:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!inFile.open(QIODevice::ReadOnly) || inFile.getZipError()!=UNZ_OK) return false; data/libquazip-0.9.1/quazip/JlCompress.cpp:175:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!outFile.open(QIODevice::WriteOnly)) return false; data/libquazip-0.9.1/quazip/JlCompress.cpp:212:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:237:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:273:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdCreate)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:302:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:330:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:369:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip.open(QuaZip::mdUnzip)) { data/libquazip-0.9.1/quazip/JlCompress.cpp:410:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!zip->open(QuaZip::mdUnzip)) { data/libquazip-0.9.1/quazip/ioapi.h:50:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/libquazip-0.9.1/quazip/ioapi.h:55:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/libquazip-0.9.1/quazip/minizip_crypt.h:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[RAND_HEAD_LEN-2]; /* random header */ data/libquazip-0.9.1/quazip/qioapi.cpp:125:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). iodevice->open(desiredMode); data/libquazip-0.9.1/quazip/quagzipfile.cpp:37:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). template<typename FileId> bool open(FileId id, data/libquazip-0.9.1/quazip/quagzipfile.cpp:39:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(int fd, const char *modeString); data/libquazip-0.9.1/quazip/quagzipfile.cpp:40:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile open(const QString &name, const char *modeString); data/libquazip-0.9.1/quazip/quagzipfile.cpp:43:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(const QString &name, const char *modeString) data/libquazip-0.9.1/quazip/quagzipfile.cpp:48:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzFile QuaGzipFilePrivate::open(int fd, const char *modeString) data/libquazip-0.9.1/quazip/quagzipfile.cpp:54:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFilePrivate::open(FileId id, QIODevice::OpenMode mode, data/libquazip-0.9.1/quazip/quagzipfile.cpp:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modeString[2]; data/libquazip-0.9.1/quazip/quagzipfile.cpp:78:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzd = open(id, modeString); data/libquazip-0.9.1/quazip/quagzipfile.cpp:127:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFile::open(QIODevice::OpenMode mode) data/libquazip-0.9.1/quazip/quagzipfile.cpp:130:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open(d->fileName, mode, error)) { data/libquazip-0.9.1/quazip/quagzipfile.cpp:134:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/libquazip-0.9.1/quazip/quagzipfile.cpp:137:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaGzipFile::open(int fd, QIODevice::OpenMode mode) data/libquazip-0.9.1/quazip/quagzipfile.cpp:140:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!d->open(fd, mode, error)) { data/libquazip-0.9.1/quazip/quagzipfile.cpp:144:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/libquazip-0.9.1/quazip/quagzipfile.h:79:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode mode); data/libquazip-0.9.1/quazip/quagzipfile.h:87:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(int fd, QIODevice::OpenMode mode); data/libquazip-0.9.1/quazip/quaziodevice.cpp:73:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug.open(QIODevice::WriteOnly); data/libquazip-0.9.1/quazip/quaziodevice.cpp:77:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indebug.open(QIODevice::WriteOnly); data/libquazip-0.9.1/quazip/quaziodevice.cpp:185:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZIODevice::open(QIODevice::OpenMode mode) data/libquazip-0.9.1/quazip/quaziodevice.cpp:209:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return QIODevice::open(mode); data/libquazip-0.9.1/quazip/quaziodevice.h:80:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(QIODevice::OpenMode mode); data/libquazip-0.9.1/quazip/quazip.cpp:236:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZip::open(Mode mode, zlib_filefunc_def* ioApi) data/libquazip-0.9.1/quazip/quazip.h:193:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(Mode mode, zlib_filefunc_def *ioApi =NULL); data/libquazip-0.9.1/quazip/quazipfile.cpp:254:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode) data/libquazip-0.9.1/quazip/quazipfile.cpp:256:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(mode, NULL); data/libquazip-0.9.1/quazip/quazipfile.cpp:259:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode, int *method, int *level, bool raw, const char *password) data/libquazip-0.9.1/quazip/quazipfile.cpp:272:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!p->zip->open(QuaZip::mdUnzip)) { data/libquazip-0.9.1/quazip/quazipfile.cpp:308:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool QuaZipFile::open(OpenMode mode, const QuaZipNewInfo& info, data/libquazip-0.9.1/quazip/quazipfile.h:292:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open(OpenMode mode); data/libquazip-0.9.1/quazip/quazipfile.h:298:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inline bool open(OpenMode mode, const char *password) data/libquazip-0.9.1/quazip/quazipfile.h:299:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). {return open(mode, NULL, NULL, false, password);} data/libquazip-0.9.1/quazip/quazipfile.h:312:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode, int *method, int *level, bool raw, const char *password =NULL); data/libquazip-0.9.1/quazip/quazipfile.h:341:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(OpenMode mode, const QuaZipNewInfo& info, data/libquazip-0.9.1/quazip/unzip.c:1291:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1]; data/libquazip-0.9.1/quazip/unzip.c:1505:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[12]; data/libquazip-0.9.1/quazip/zip.c:131:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[SIZEDATA_INDATABLOCK]; data/libquazip-0.9.1/quazip/zip.c:302:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/libquazip-0.9.1/quazip/zip.c:1296:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bufHead[RAND_HEAD_LEN]; data/libquazip-0.9.1/quazip/zip.c:2056:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pTmp, p, dataSize + 4); data/libquazip-0.9.1/quazip/zip.c:2070:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pData, pNewHeader, size); data/libquazip-0.9.1/qztest/qztest.cpp:67:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!testFile.open(QIODevice::WriteOnly | QIODevice::Text)) { data/libquazip-0.9.1/qztest/qztest.cpp:93:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!zip.open(QuaZip::mdCreate)) { data/libquazip-0.9.1/qztest/qztest.cpp:110:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!zipFile.open(QIODevice::WriteOnly, data/libquazip-0.9.1/qztest/qztest.cpp:119:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) { data/libquazip-0.9.1/qztest/qztest.cpp:125:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libquazip-0.9.1/qztest/testjlcompress.cpp:67:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testjlcompress.cpp:224:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testjlcompress.cpp:285:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testjlcompress.cpp:374:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testjlcompress.cpp:403:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipCreator.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testjlcompress.cpp:407:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zeroFile.open(QIODevice::WriteOnly, newInfo)); data/libquazip-0.9.1/qztest/testquagzipfile.cpp:39:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquagzipfile.cpp:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/libquazip-0.9.1/qztest/testquagzipfile.cpp:57:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::WriteOnly)); data/libquazip-0.9.1/qztest/testquagzipfile.cpp:63:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/libquazip-0.9.1/qztest/testquaziodevice.cpp:46:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testBuffer.open(QIODevice::ReadOnly); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:48:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testDevice.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outBuf[5]; data/libquazip-0.9.1/qztest/testquaziodevice.cpp:70:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testBuffer.open(QIODevice::ReadOnly); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:72:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testDevice.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outBuf[4]; data/libquazip-0.9.1/qztest/testquaziodevice.cpp:88:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testBuffer.open(QIODevice::WriteOnly); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:91:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testDevice->open(QIODevice::WriteOnly)); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outBuf[5]; data/libquazip-0.9.1/qztest/testquazip.cpp:78:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:140:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:144:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdAdd)); data/libquazip-0.9.1/qztest/testquazip.cpp:147:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::WriteOnly, data/libquazip-0.9.1/qztest/testquazip.cpp:150:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(inFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazip.cpp:156:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:195:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:201:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:225:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testZip.open(QuaZip::mdCreate); data/libquazip-0.9.1/qztest/testquazip.cpp:228:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testZipFile.open(QIODevice::WriteOnly, QuaZipNewInfo("test.txt")); data/libquazip-0.9.1/qztest/testquazip.cpp:232:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). checkZip.open(QuaZip::mdUnzip); data/libquazip-0.9.1/qztest/testquazip.cpp:249:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:251:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZipFile.open(QIODevice::WriteOnly, data/libquazip-0.9.1/qztest/testquazip.cpp:258:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(readZipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazip.cpp:264:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazip.cpp:282:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip20.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:284:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZipFile20.open(QIODevice::WriteOnly, data/libquazip-0.9.1/qztest/testquazip.cpp:292:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile20.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazip.cpp:326:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(diskFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazip.cpp:339:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zip.open(QuaZip::mdCreate); data/libquazip-0.9.1/qztest/testquazip.cpp:351:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zip.open(QuaZip::mdCreate); data/libquazip-0.9.1/qztest/testquazip.cpp:362:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:366:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, QuaZipNewInfo("test.txt"))); data/libquazip-0.9.1/qztest/testquazip.cpp:369:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:382:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:386:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:394:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:398:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:416:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zip.open(QuaZip::mdCreate); data/libquazip-0.9.1/qztest/testquazip.cpp:435:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazip.cpp:439:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, info, NULL, 0, 0)); data/libquazip-0.9.1/qztest/testquazip.cpp:450:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debug.open(QIODevice::WriteOnly); data/libquazip-0.9.1/qztest/testquazip.cpp:457:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(receivedZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazip.cpp:464:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(receivedFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipdir.cpp:156:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipdir.cpp:236:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipdir.cpp:286:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipdir.cpp:308:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipdir.cpp:339:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:97:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:102:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!inFile.open(QIODevice::ReadOnly)) { data/libquazip-0.9.1/qztest/testquazipfile.cpp:107:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileName, data/libquazip-0.9.1/qztest/testquazipfile.cpp:111:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libquazip-0.9.1/qztest/testquazipfile.cpp:135:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testUnzip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:144:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(original.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:146:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(archived.open(QIODevice::ReadOnly, data/libquazip-0.9.1/qztest/testquazipfile.cpp:158:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(original.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:160:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(archived.open(QIODevice::ReadOnly, "WrongPassword")); data/libquazip-0.9.1/qztest/testquazipfile.cpp:197:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:202:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:233:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:238:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:269:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:274:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:301:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:304:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileName))); data/libquazip-0.9.1/qztest/testquazipfile.cpp:343:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:363:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:397:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:400:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:404:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:410:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(!testFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:434:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(testZip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:438:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:447:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:453:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(readFilePerm.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:460:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(readFileAttrs.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:489:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fakeLargeFile.open(QIODevice::WriteOnly)); data/libquazip-0.9.1/qztest/testquazipfile.cpp:497:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extra.open(QIODevice::WriteOnly); data/libquazip-0.9.1/qztest/testquazipfile.cpp:525:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). extra.open(QIODevice::WriteOnly); data/libquazip-0.9.1/qztest/testquazipfile.cpp:583:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(fakeLargeZip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:46:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:100:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:107:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:179:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QBuffer::WriteOnly); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:208:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). testZip.open(QuaZip::mdCreate); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:213:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::WriteOnly, newInfo); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:219:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:224:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:243:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:249:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::ReadOnly)); data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:37:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdCreate)); data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:61:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo)); data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:68:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(zip.open(QuaZip::mdUnzip)); data/libquazip-0.9.1/quazip/JlCompress.cpp:32:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 readLen = inFile.read(buf, 4096); data/libquazip-0.9.1/quazip/qioapi.cpp:150:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 ret64 = iodevice->read((char*)buf,size); data/libquazip-0.9.1/quazip/quaziodevice.cpp:231:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < maxSize) { data/libquazip-0.9.1/quazip/quaziodevice.cpp:234:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->inBufSize = d->io->read(d->inBuf, QUAZIO_INBUFSIZE); data/libquazip-0.9.1/quazip/quaziodevice.cpp:243:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < maxSize && d->inBufPos < d->inBufSize) { data/libquazip-0.9.1/quazip/quaziodevice.cpp:246:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->zins.next_out = (Bytef *) (data + read); data/libquazip-0.9.1/quazip/quaziodevice.cpp:247:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). d->zins.avail_out = (uInt) (maxSize - read); // hope it's less than 2GB data/libquazip-0.9.1/quazip/quaziodevice.cpp:258:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/libquazip-0.9.1/quazip/quaziodevice.cpp:268:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). more = d->io->read(d->inBuf + d->inBufSize, QUAZIO_INBUFSIZE - d->inBufSize); data/libquazip-0.9.1/quazip/quaziodevice.cpp:274:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/libquazip-0.9.1/quazip/quaziodevice.cpp:284:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). indebug.write(data, read); data/libquazip-0.9.1/quazip/quaziodevice.cpp:286:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/libquazip-0.9.1/quazip/quazipfileinfo.cpp:191:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < data.size()) data/libquazip-0.9.1/quazip/unzip.c:1274:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP) data/libquazip-0.9.1/quazip/zip.c:989:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uInt size_filename = (uInt)strlen(filename); data/libquazip-0.9.1/quazip/zip.c:1141:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_comment = (uInt)strlen(comment); data/libquazip-0.9.1/quazip/zip.c:1143:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_filename = (uInt)strlen(filename); data/libquazip-0.9.1/quazip/zip.c:1935:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_global_comment = (uInt)strlen(global_comment); data/libquazip-0.9.1/qztest/qztest.cpp:126:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). qint64 l = file.read(buf, 4096); data/libquazip-0.9.1/qztest/testquagzipfile.cpp:31:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void TestQuaGzipFile::read() data/libquazip-0.9.1/qztest/testquagzipfile.cpp:42:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(testFile.read(buf, 5), static_cast<qint64>(4)); data/libquazip-0.9.1/qztest/testquagzipfile.h:33:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:31:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void TestQuaZIODevice::read() data/libquazip-0.9.1/qztest/testquaziodevice.cpp:50:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(testDevice.read(outBuf, 5), static_cast<qint64>(4)); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:74:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(testDevice.read(outBuf, 4), static_cast<qint64>(4)); data/libquazip-0.9.1/qztest/testquaziodevice.cpp:77:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(testDevice.read(4).size(), 4); data/libquazip-0.9.1/qztest/testquaziodevice.h:33:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(); data/libquazip-0.9.1/qztest/testquazipfile.cpp:114:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((l = inFile.read(buf, readSize)) != readSize) { data/libquazip-0.9.1/qztest/testquazipfile.cpp:204:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(1).size(), 1); data/libquazip-0.9.1/qztest/testquazipfile.cpp:206:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(fileInfo.size() - 1).size(), data/libquazip-0.9.1/qztest/testquazipfile.cpp:240:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(1).size(), 1); data/libquazip-0.9.1/qztest/testquazipfile.cpp:242:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(fileInfo.size() - 1).size(), data/libquazip-0.9.1/qztest/testquazipfile.cpp:276:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(1).size(), 1); data/libquazip-0.9.1/qztest/testquazipfile.cpp:278:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). QCOMPARE(zipFile.read(fileInfo.size() - 1).size(), ANALYSIS SUMMARY: Hits = 200 Lines analyzed = 15025 in approximately 0.46 seconds (32907 lines/second) Physical Source Lines of Code (SLOC) = 9916 Hits@level = [0] 0 [1] 34 [2] 165 [3] 1 [4] 0 [5] 0 Hits@level+ = [0+] 200 [1+] 200 [2+] 166 [3+] 1 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 20.1694 [1+] 20.1694 [2+] 16.7406 [3+] 0.100847 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.