Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libquazip-0.9.1/quazip/JlCompress.cpp
Examining data/libquazip-0.9.1/quazip/JlCompress.h
Examining data/libquazip-0.9.1/quazip/ioapi.h
Examining data/libquazip-0.9.1/quazip/minizip_crypt.h
Examining data/libquazip-0.9.1/quazip/qioapi.cpp
Examining data/libquazip-0.9.1/quazip/quaadler32.cpp
Examining data/libquazip-0.9.1/quazip/quaadler32.h
Examining data/libquazip-0.9.1/quazip/quachecksum32.h
Examining data/libquazip-0.9.1/quazip/quacrc32.cpp
Examining data/libquazip-0.9.1/quazip/quacrc32.h
Examining data/libquazip-0.9.1/quazip/quagzipfile.cpp
Examining data/libquazip-0.9.1/quazip/quagzipfile.h
Examining data/libquazip-0.9.1/quazip/quaziodevice.cpp
Examining data/libquazip-0.9.1/quazip/quaziodevice.h
Examining data/libquazip-0.9.1/quazip/quazip.cpp
Examining data/libquazip-0.9.1/quazip/quazip.h
Examining data/libquazip-0.9.1/quazip/quazip_global.h
Examining data/libquazip-0.9.1/quazip/quazipdir.cpp
Examining data/libquazip-0.9.1/quazip/quazipdir.h
Examining data/libquazip-0.9.1/quazip/quazipfile.cpp
Examining data/libquazip-0.9.1/quazip/quazipfile.h
Examining data/libquazip-0.9.1/quazip/quazipfileinfo.cpp
Examining data/libquazip-0.9.1/quazip/quazipfileinfo.h
Examining data/libquazip-0.9.1/quazip/quazipnewinfo.cpp
Examining data/libquazip-0.9.1/quazip/quazipnewinfo.h
Examining data/libquazip-0.9.1/quazip/unzip.c
Examining data/libquazip-0.9.1/quazip/unzip.h
Examining data/libquazip-0.9.1/quazip/zip.c
Examining data/libquazip-0.9.1/quazip/zip.h
Examining data/libquazip-0.9.1/qztest/qztest.cpp
Examining data/libquazip-0.9.1/qztest/qztest.h
Examining data/libquazip-0.9.1/qztest/testjlcompress.cpp
Examining data/libquazip-0.9.1/qztest/testjlcompress.h
Examining data/libquazip-0.9.1/qztest/testquachecksum32.cpp
Examining data/libquazip-0.9.1/qztest/testquachecksum32.h
Examining data/libquazip-0.9.1/qztest/testquagzipfile.cpp
Examining data/libquazip-0.9.1/qztest/testquagzipfile.h
Examining data/libquazip-0.9.1/qztest/testquaziodevice.cpp
Examining data/libquazip-0.9.1/qztest/testquaziodevice.h
Examining data/libquazip-0.9.1/qztest/testquazip.cpp
Examining data/libquazip-0.9.1/qztest/testquazip.h
Examining data/libquazip-0.9.1/qztest/testquazipdir.cpp
Examining data/libquazip-0.9.1/qztest/testquazipdir.h
Examining data/libquazip-0.9.1/qztest/testquazipfile.cpp
Examining data/libquazip-0.9.1/qztest/testquazipfile.h
Examining data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp
Examining data/libquazip-0.9.1/qztest/testquazipfileinfo.h
Examining data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp
Examining data/libquazip-0.9.1/qztest/testquazipnewinfo.h
FINAL RESULTS:
data/libquazip-0.9.1/quazip/minizip_crypt.h:116:9: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)(time(NULL) ^ ZCR_SEED2));
data/libquazip-0.9.1/quazip/JlCompress.cpp:31:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libquazip-0.9.1/quazip/JlCompress.cpp:55:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!inFile.open(QIODevice::ReadOnly)) return false;
data/libquazip-0.9.1/quazip/JlCompress.cpp:59:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileDest, inFile.fileName()))) return false;
data/libquazip-0.9.1/quazip/JlCompress.cpp:93:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dirZipFile.open(QIODevice::WriteOnly,
data/libquazip-0.9.1/quazip/JlCompress.cpp:146:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!inFile.open(QIODevice::ReadOnly) || inFile.getZipError()!=UNZ_OK) return false;
data/libquazip-0.9.1/quazip/JlCompress.cpp:175:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!outFile.open(QIODevice::WriteOnly)) return false;
data/libquazip-0.9.1/quazip/JlCompress.cpp:212:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:237:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:273:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdCreate)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:302:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:330:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:369:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip.open(QuaZip::mdUnzip)) {
data/libquazip-0.9.1/quazip/JlCompress.cpp:410:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!zip->open(QuaZip::mdUnzip)) {
data/libquazip-0.9.1/quazip/ioapi.h:50:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/libquazip-0.9.1/quazip/ioapi.h:55:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/libquazip-0.9.1/quazip/minizip_crypt.h:104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[RAND_HEAD_LEN-2]; /* random header */
data/libquazip-0.9.1/quazip/qioapi.cpp:125:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
iodevice->open(desiredMode);
data/libquazip-0.9.1/quazip/quagzipfile.cpp:37:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
template<typename FileId> bool open(FileId id,
data/libquazip-0.9.1/quazip/quagzipfile.cpp:39:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile open(int fd, const char *modeString);
data/libquazip-0.9.1/quazip/quagzipfile.cpp:40:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile open(const QString &name, const char *modeString);
data/libquazip-0.9.1/quazip/quagzipfile.cpp:43:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile QuaGzipFilePrivate::open(const QString &name, const char *modeString)
data/libquazip-0.9.1/quazip/quagzipfile.cpp:48:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzFile QuaGzipFilePrivate::open(int fd, const char *modeString)
data/libquazip-0.9.1/quazip/quagzipfile.cpp:54:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFilePrivate::open(FileId id, QIODevice::OpenMode mode,
data/libquazip-0.9.1/quazip/quagzipfile.cpp:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modeString[2];
data/libquazip-0.9.1/quazip/quagzipfile.cpp:78:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gzd = open(id, modeString);
data/libquazip-0.9.1/quazip/quagzipfile.cpp:127:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFile::open(QIODevice::OpenMode mode)
data/libquazip-0.9.1/quazip/quagzipfile.cpp:130:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d->open(d->fileName, mode, error)) {
data/libquazip-0.9.1/quazip/quagzipfile.cpp:134:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/libquazip-0.9.1/quazip/quagzipfile.cpp:137:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaGzipFile::open(int fd, QIODevice::OpenMode mode)
data/libquazip-0.9.1/quazip/quagzipfile.cpp:140:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d->open(fd, mode, error)) {
data/libquazip-0.9.1/quazip/quagzipfile.cpp:144:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/libquazip-0.9.1/quazip/quagzipfile.h:79:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(QIODevice::OpenMode mode);
data/libquazip-0.9.1/quazip/quagzipfile.h:87:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(int fd, QIODevice::OpenMode mode);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:73:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:77:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indebug.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:185:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZIODevice::open(QIODevice::OpenMode mode)
data/libquazip-0.9.1/quazip/quaziodevice.cpp:209:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QIODevice::open(mode);
data/libquazip-0.9.1/quazip/quaziodevice.h:80:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(QIODevice::OpenMode mode);
data/libquazip-0.9.1/quazip/quazip.cpp:236:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZip::open(Mode mode, zlib_filefunc_def* ioApi)
data/libquazip-0.9.1/quazip/quazip.h:193:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(Mode mode, zlib_filefunc_def *ioApi =NULL);
data/libquazip-0.9.1/quazip/quazipfile.cpp:254:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode)
data/libquazip-0.9.1/quazip/quazipfile.cpp:256:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(mode, NULL);
data/libquazip-0.9.1/quazip/quazipfile.cpp:259:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode, int *method, int *level, bool raw, const char *password)
data/libquazip-0.9.1/quazip/quazipfile.cpp:272:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!p->zip->open(QuaZip::mdUnzip)) {
data/libquazip-0.9.1/quazip/quazipfile.cpp:308:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QuaZipFile::open(OpenMode mode, const QuaZipNewInfo& info,
data/libquazip-0.9.1/quazip/quazipfile.h:292:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(OpenMode mode);
data/libquazip-0.9.1/quazip/quazipfile.h:298:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inline bool open(OpenMode mode, const char *password)
data/libquazip-0.9.1/quazip/quazipfile.h:299:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{return open(mode, NULL, NULL, false, password);}
data/libquazip-0.9.1/quazip/quazipfile.h:312:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode, int *method, int *level, bool raw, const char *password =NULL);
data/libquazip-0.9.1/quazip/quazipfile.h:341:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode, const QuaZipNewInfo& info,
data/libquazip-0.9.1/quazip/unzip.c:1291:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
data/libquazip-0.9.1/quazip/unzip.c:1505:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[12];
data/libquazip-0.9.1/quazip/zip.c:131:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[SIZEDATA_INDATABLOCK];
data/libquazip-0.9.1/quazip/zip.c:302:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/libquazip-0.9.1/quazip/zip.c:1296:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bufHead[RAND_HEAD_LEN];
data/libquazip-0.9.1/quazip/zip.c:2056:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pTmp, p, dataSize + 4);
data/libquazip-0.9.1/quazip/zip.c:2070:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pData, pNewHeader, size);
data/libquazip-0.9.1/qztest/qztest.cpp:67:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!testFile.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/libquazip-0.9.1/qztest/qztest.cpp:93:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!zip.open(QuaZip::mdCreate)) {
data/libquazip-0.9.1/qztest/qztest.cpp:110:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!zipFile.open(QIODevice::WriteOnly,
data/libquazip-0.9.1/qztest/qztest.cpp:119:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/libquazip-0.9.1/qztest/qztest.cpp:125:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libquazip-0.9.1/qztest/testjlcompress.cpp:67:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testjlcompress.cpp:224:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testjlcompress.cpp:285:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testjlcompress.cpp:374:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testjlcompress.cpp:403:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipCreator.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testjlcompress.cpp:407:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zeroFile.open(QIODevice::WriteOnly, newInfo));
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:39:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:57:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::WriteOnly));
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:63:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:46:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testBuffer.open(QIODevice::ReadOnly);
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:48:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testDevice.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outBuf[5];
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:70:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testBuffer.open(QIODevice::ReadOnly);
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:72:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testDevice.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outBuf[4];
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:88:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testBuffer.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:91:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testDevice->open(QIODevice::WriteOnly));
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outBuf[5];
data/libquazip-0.9.1/qztest/testquazip.cpp:78:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:140:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:144:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdAdd));
data/libquazip-0.9.1/qztest/testquazip.cpp:147:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::WriteOnly,
data/libquazip-0.9.1/qztest/testquazip.cpp:150:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(inFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazip.cpp:156:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:195:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:201:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:225:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testZip.open(QuaZip::mdCreate);
data/libquazip-0.9.1/qztest/testquazip.cpp:228:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testZipFile.open(QIODevice::WriteOnly, QuaZipNewInfo("test.txt"));
data/libquazip-0.9.1/qztest/testquazip.cpp:232:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
checkZip.open(QuaZip::mdUnzip);
data/libquazip-0.9.1/qztest/testquazip.cpp:249:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:251:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZipFile.open(QIODevice::WriteOnly,
data/libquazip-0.9.1/qztest/testquazip.cpp:258:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(readZipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazip.cpp:264:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazip.cpp:282:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip20.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:284:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZipFile20.open(QIODevice::WriteOnly,
data/libquazip-0.9.1/qztest/testquazip.cpp:292:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile20.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazip.cpp:326:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(diskFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazip.cpp:339:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zip.open(QuaZip::mdCreate);
data/libquazip-0.9.1/qztest/testquazip.cpp:351:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zip.open(QuaZip::mdCreate);
data/libquazip-0.9.1/qztest/testquazip.cpp:362:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:366:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, QuaZipNewInfo("test.txt")));
data/libquazip-0.9.1/qztest/testquazip.cpp:369:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:382:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:386:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:394:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:398:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:416:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zip.open(QuaZip::mdCreate);
data/libquazip-0.9.1/qztest/testquazip.cpp:435:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazip.cpp:439:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, info, NULL, 0, 0));
data/libquazip-0.9.1/qztest/testquazip.cpp:450:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
debug.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/qztest/testquazip.cpp:457:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(receivedZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazip.cpp:464:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(receivedFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipdir.cpp:156:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipdir.cpp:236:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipdir.cpp:286:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipdir.cpp:308:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipdir.cpp:339:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:97:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:102:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!inFile.open(QIODevice::ReadOnly)) {
data/libquazip-0.9.1/qztest/testquazipfile.cpp:107:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(outFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileName,
data/libquazip-0.9.1/qztest/testquazipfile.cpp:111:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libquazip-0.9.1/qztest/testquazipfile.cpp:135:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testUnzip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:144:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(original.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:146:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(archived.open(QIODevice::ReadOnly,
data/libquazip-0.9.1/qztest/testquazipfile.cpp:158:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(original.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:160:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(archived.open(QIODevice::ReadOnly, "WrongPassword"));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:197:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:202:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:233:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:238:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:269:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:274:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:301:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:304:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, QuaZipNewInfo(fileName)));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:343:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:363:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:397:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:400:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(!testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:404:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:410:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(!testFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:434:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(testZip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:438:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:447:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:453:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(readFilePerm.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:460:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(readFileAttrs.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:489:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fakeLargeFile.open(QIODevice::WriteOnly));
data/libquazip-0.9.1/qztest/testquazipfile.cpp:497:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extra.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/qztest/testquazipfile.cpp:525:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extra.open(QIODevice::WriteOnly);
data/libquazip-0.9.1/qztest/testquazipfile.cpp:583:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(fakeLargeZip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:46:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:100:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:107:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:179:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QBuffer::WriteOnly);
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:208:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
testZip.open(QuaZip::mdCreate);
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:213:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly, newInfo);
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:219:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:224:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:243:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/qztest/testquazipfileinfo.cpp:249:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::ReadOnly));
data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:37:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdCreate));
data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:61:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zipFile.open(QIODevice::WriteOnly, newInfo));
data/libquazip-0.9.1/qztest/testquazipnewinfo.cpp:68:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(zip.open(QuaZip::mdUnzip));
data/libquazip-0.9.1/quazip/JlCompress.cpp:32:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 readLen = inFile.read(buf, 4096);
data/libquazip-0.9.1/quazip/qioapi.cpp:150:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 ret64 = iodevice->read((char*)buf,size);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:231:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < maxSize) {
data/libquazip-0.9.1/quazip/quaziodevice.cpp:234:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->inBufSize = d->io->read(d->inBuf, QUAZIO_INBUFSIZE);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:243:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read < maxSize && d->inBufPos < d->inBufSize) {
data/libquazip-0.9.1/quazip/quaziodevice.cpp:246:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->zins.next_out = (Bytef *) (data + read);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:247:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->zins.avail_out = (uInt) (maxSize - read); // hope it's less than 2GB
data/libquazip-0.9.1/quazip/quaziodevice.cpp:258:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/libquazip-0.9.1/quazip/quaziodevice.cpp:268:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
more = d->io->read(d->inBuf + d->inBufSize, QUAZIO_INBUFSIZE - d->inBufSize);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:274:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/libquazip-0.9.1/quazip/quaziodevice.cpp:284:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
indebug.write(data, read);
data/libquazip-0.9.1/quazip/quaziodevice.cpp:286:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/libquazip-0.9.1/quazip/quazipfileinfo.cpp:191:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < data.size())
data/libquazip-0.9.1/quazip/unzip.c:1274:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)
data/libquazip-0.9.1/quazip/zip.c:989:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uInt size_filename = (uInt)strlen(filename);
data/libquazip-0.9.1/quazip/zip.c:1141:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_comment = (uInt)strlen(comment);
data/libquazip-0.9.1/quazip/zip.c:1143:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_filename = (uInt)strlen(filename);
data/libquazip-0.9.1/quazip/zip.c:1935:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_global_comment = (uInt)strlen(global_comment);
data/libquazip-0.9.1/qztest/qztest.cpp:126:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint64 l = file.read(buf, 4096);
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:31:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void TestQuaGzipFile::read()
data/libquazip-0.9.1/qztest/testquagzipfile.cpp:42:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(testFile.read(buf, 5), static_cast<qint64>(4));
data/libquazip-0.9.1/qztest/testquagzipfile.h:33:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:31:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void TestQuaZIODevice::read()
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:50:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(testDevice.read(outBuf, 5), static_cast<qint64>(4));
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:74:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(testDevice.read(outBuf, 4), static_cast<qint64>(4));
data/libquazip-0.9.1/qztest/testquaziodevice.cpp:77:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(testDevice.read(4).size(), 4);
data/libquazip-0.9.1/qztest/testquaziodevice.h:33:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/libquazip-0.9.1/qztest/testquazipfile.cpp:114:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ((l = inFile.read(buf, readSize)) != readSize) {
data/libquazip-0.9.1/qztest/testquazipfile.cpp:204:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(1).size(), 1);
data/libquazip-0.9.1/qztest/testquazipfile.cpp:206:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(fileInfo.size() - 1).size(),
data/libquazip-0.9.1/qztest/testquazipfile.cpp:240:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(1).size(), 1);
data/libquazip-0.9.1/qztest/testquazipfile.cpp:242:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(fileInfo.size() - 1).size(),
data/libquazip-0.9.1/qztest/testquazipfile.cpp:276:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(1).size(), 1);
data/libquazip-0.9.1/qztest/testquazipfile.cpp:278:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QCOMPARE(zipFile.read(fileInfo.size() - 1).size(),
ANALYSIS SUMMARY:
Hits = 200
Lines analyzed = 15025 in approximately 0.46 seconds (32907 lines/second)
Physical Source Lines of Code (SLOC) = 9916
Hits@level = [0] 0 [1] 34 [2] 165 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 200 [1+] 200 [2+] 166 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 20.1694 [1+] 20.1694 [2+] 16.7406 [3+] 0.100847 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.