Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lokalize-20.08.2/src/editorview.cpp
Examining data/lokalize-20.08.2/src/xlifftextedit.h
Examining data/lokalize-20.08.2/src/catalog/catalogstring.cpp
Examining data/lokalize-20.08.2/src/catalog/catalogcapabilities.h
Examining data/lokalize-20.08.2/src/catalog/gettextheader.cpp
Examining data/lokalize-20.08.2/src/catalog/catalog.h
Examining data/lokalize-20.08.2/src/catalog/phase.h
Examining data/lokalize-20.08.2/src/catalog/catalogstorage.h
Examining data/lokalize-20.08.2/src/catalog/xliff/xliffstorage.h
Examining data/lokalize-20.08.2/src/catalog/xliff/xliffstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/catalog.cpp
Examining data/lokalize-20.08.2/src/catalog/catalogstring.h
Examining data/lokalize-20.08.2/src/catalog/alttrans.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogfileplugin.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/importplugin_private.h
Examining data/lokalize-20.08.2/src/catalog/gettext/importplugin.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextimport.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextexport.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextexport.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextimport.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/exportplugin.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem_private.h
Examining data/lokalize-20.08.2/src/catalog/cmd.h
Examining data/lokalize-20.08.2/src/catalog/phase.cpp
Examining data/lokalize-20.08.2/src/catalog/state.h
Examining data/lokalize-20.08.2/src/catalog/ts/tsstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/ts/tsstorage.h
Examining data/lokalize-20.08.2/src/catalog/catalog_private.h
Examining data/lokalize-20.08.2/src/catalog/cmd.cpp
Examining data/lokalize-20.08.2/src/catalog/pos.h
Examining data/lokalize-20.08.2/src/catalog/note.h
Examining data/lokalize-20.08.2/src/catalog/pos.cpp
Examining data/lokalize-20.08.2/src/catalog/gettextheader.h
Examining data/lokalize-20.08.2/src/xlifftextedit.cpp
Examining data/lokalize-20.08.2/src/binunitsview.cpp
Examining data/lokalize-20.08.2/src/cataloglistview/cataloglistview.h
Examining data/lokalize-20.08.2/src/cataloglistview/catalogmodel.h
Examining data/lokalize-20.08.2/src/cataloglistview/cataloglistview.cpp
Examining data/lokalize-20.08.2/src/cataloglistview/catalogmodel.cpp
Examining data/lokalize-20.08.2/src/editorview.h
Examining data/lokalize-20.08.2/src/completionstorage.h
Examining data/lokalize-20.08.2/src/mergemode/mergecatalog.h
Examining data/lokalize-20.08.2/src/mergemode/mergeview.cpp
Examining data/lokalize-20.08.2/src/mergemode/mergecatalog.cpp
Examining data/lokalize-20.08.2/src/mergemode/mergeview.h
Examining data/lokalize-20.08.2/src/actionproxy.cpp
Examining data/lokalize-20.08.2/src/tests/gettextheadertest.cpp
Examining data/lokalize-20.08.2/src/tests/projectmodeltest.cpp
Examining data/lokalize-20.08.2/src/editortab.h
Examining data/lokalize-20.08.2/src/project/projectmodel.h
Examining data/lokalize-20.08.2/src/project/projectmodel.cpp
Examining data/lokalize-20.08.2/src/project/updatestatsjob.h
Examining data/lokalize-20.08.2/src/project/project.cpp
Examining data/lokalize-20.08.2/src/project/project.h
Examining data/lokalize-20.08.2/src/project/updatestatsjob.cpp
Examining data/lokalize-20.08.2/src/project/projecttab.h
Examining data/lokalize-20.08.2/src/project/projectwidget.h
Examining data/lokalize-20.08.2/src/project/projectwidget.cpp
Examining data/lokalize-20.08.2/src/project/kde-i18n-lists.h
Examining data/lokalize-20.08.2/src/project/projecttab.cpp
Examining data/lokalize-20.08.2/src/editortab.cpp
Examining data/lokalize-20.08.2/src/actionproxy.h
Examining data/lokalize-20.08.2/src/completionstorage.cpp
Examining data/lokalize-20.08.2/src/prefs/prefs.h
Examining data/lokalize-20.08.2/src/prefs/prefs.cpp
Examining data/lokalize-20.08.2/src/noteeditor.h
Examining data/lokalize-20.08.2/src/phaseswindow.h
Examining data/lokalize-20.08.2/src/metadata/xliffextractor.h
Examining data/lokalize-20.08.2/src/metadata/poextractor.h
Examining data/lokalize-20.08.2/src/metadata/filemetadata.cpp
Examining data/lokalize-20.08.2/src/metadata/xliffextractor.cpp
Examining data/lokalize-20.08.2/src/metadata/poextractor.cpp
Examining data/lokalize-20.08.2/src/metadata/filemetadata.h
Examining data/lokalize-20.08.2/src/syntaxhighlighter.cpp
Examining data/lokalize-20.08.2/src/tm/tmmanager.h
Examining data/lokalize-20.08.2/src/tm/tmview.h
Examining data/lokalize-20.08.2/src/tm/jobs.h
Examining data/lokalize-20.08.2/src/tm/qamodel.cpp
Examining data/lokalize-20.08.2/src/tm/qaview.cpp
Examining data/lokalize-20.08.2/src/tm/tmmanager.cpp
Examining data/lokalize-20.08.2/src/tm/tmview.cpp
Examining data/lokalize-20.08.2/src/tm/tmentry.h
Examining data/lokalize-20.08.2/src/tm/jobs.cpp
Examining data/lokalize-20.08.2/src/tm/dbfilesmodel.h
Examining data/lokalize-20.08.2/src/tm/qamodel.h
Examining data/lokalize-20.08.2/src/tm/dbfilesmodel.cpp
Examining data/lokalize-20.08.2/src/tm/tmtab.h
Examining data/lokalize-20.08.2/src/tm/tmtab.cpp
Examining data/lokalize-20.08.2/src/tm/tmscanapi.cpp
Examining data/lokalize-20.08.2/src/tm/rule.h
Examining data/lokalize-20.08.2/src/tm/tmscanapi.h
Examining data/lokalize-20.08.2/src/tm/qaview.h
Examining data/lokalize-20.08.2/src/binunitsview.h
Examining data/lokalize-20.08.2/src/editortab_findreplace.cpp
Examining data/lokalize-20.08.2/src/main.cpp
Examining data/lokalize-20.08.2/src/tools/widgettextcaptureconfig.cpp
Examining data/lokalize-20.08.2/src/tools/widgettextcaptureconfig.h
Examining data/lokalize-20.08.2/src/alttransview.cpp
Examining data/lokalize-20.08.2/src/msgctxtview.cpp
Examining data/lokalize-20.08.2/src/alttransview.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolgrammarerror.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolresultjob.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolparser.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolresultjob.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolparser.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolmanager.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolmanager.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolgrammarerror.cpp
Examining data/lokalize-20.08.2/src/syntaxhighlighter.h
Examining data/lokalize-20.08.2/src/multieditoradaptor.h
Examining data/lokalize-20.08.2/src/lokalizemainwindow.cpp
Examining data/lokalize-20.08.2/src/noteeditor.cpp
Examining data/lokalize-20.08.2/src/lokalizesubwindowbase.h
Examining data/lokalize-20.08.2/src/lokalizemainwindow.h
Examining data/lokalize-20.08.2/src/webquery/webqueryview.h
Examining data/lokalize-20.08.2/src/webquery/webquerycontroller.cpp
Examining data/lokalize-20.08.2/src/webquery/webqueryview.cpp
Examining data/lokalize-20.08.2/src/webquery/webquerycontroller.h
Examining data/lokalize-20.08.2/src/webquery/myactioncollectionview.cpp
Examining data/lokalize-20.08.2/src/webquery/myactioncollectionview.h
Examining data/lokalize-20.08.2/src/msgctxtview.h
Examining data/lokalize-20.08.2/src/glossary/glossaryview.h
Examining data/lokalize-20.08.2/src/glossary/glossaryview.cpp
Examining data/lokalize-20.08.2/src/glossary/glossary.cpp
Examining data/lokalize-20.08.2/src/glossary/tbxparser_obsolete.cpp
Examining data/lokalize-20.08.2/src/glossary/glossary.h
Examining data/lokalize-20.08.2/src/glossary/glossarywindow.h
Examining data/lokalize-20.08.2/src/glossary/tbxparser_obsolete.h
Examining data/lokalize-20.08.2/src/glossary/glossarywindow.cpp
Examining data/lokalize-20.08.2/src/phaseswindow.cpp
Examining data/lokalize-20.08.2/src/common/domroutines.h
Examining data/lokalize-20.08.2/src/common/languagelistmodel.h
Examining data/lokalize-20.08.2/src/common/headerviewmenu.cpp
Examining data/lokalize-20.08.2/src/common/diff.cpp
Examining data/lokalize-20.08.2/src/common/domroutines.cpp
Examining data/lokalize-20.08.2/src/common/fastsizehintitemdelegate.h
Examining data/lokalize-20.08.2/src/common/diff.h
Examining data/lokalize-20.08.2/src/common/stemming.cpp
Examining data/lokalize-20.08.2/src/common/termlabel.h
Examining data/lokalize-20.08.2/src/common/flowlayout.h
Examining data/lokalize-20.08.2/src/common/flowlayout.cpp
Examining data/lokalize-20.08.2/src/common/winhelpers.cpp
Examining data/lokalize-20.08.2/src/common/termlabel.cpp
Examining data/lokalize-20.08.2/src/common/fastsizehintitemdelegate.cpp
Examining data/lokalize-20.08.2/src/common/languagelistmodel.cpp
Examining data/lokalize-20.08.2/src/common/htmlhelpers.cpp
Examining data/lokalize-20.08.2/src/common/unixhelpers.cpp
Examining data/lokalize-20.08.2/src/common/headerviewmenu.h
Examining data/lokalize-20.08.2/src/common/stemming.h
Examining data/lokalize-20.08.2/src/filesearch/filesearchtab.h
Examining data/lokalize-20.08.2/src/filesearch/filesearchtab.cpp
FINAL RESULTS:
data/lokalize-20.08.2/src/common/languagelistmodel.cpp:144:25: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::system().name();
data/lokalize-20.08.2/src/common/unixhelpers.cpp:6:30: [4] (misc) getlogin:
It's often easy to fool getlogin. Sometimes it does not work at all,
because some program messed up the utmp file. Often, it gives only the
first 8 characters of the login name. The user currently logged in on the
controlling tty of our program need not be the user who started it. Avoid
getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid())
and extract the desired information instead.
return QString::fromUtf8(getlogin());
data/lokalize-20.08.2/src/editortab.cpp:215:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::Language systemLang = QLocale::system().language();
data/lokalize-20.08.2/src/prefs/prefs.cpp:112:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().name())));
data/lokalize-20.08.2/src/project/project.cpp:70:29: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString lang = QLocale::system().name();
data/lokalize-20.08.2/src/project/project.cpp:185:30: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
setLangCode(QLocale::system().name());
data/lokalize-20.08.2/src/project/project.cpp:356:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
setLangCode(QLocale::system().name());
data/lokalize-20.08.2/src/project/projectwidget.cpp:135:61: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QStyledItemDelegate::displayText(value, QLocale::system());
data/lokalize-20.08.2/src/catalog/catalog.cpp:543:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (stale->open(QIODevice::ReadOnly) && !autoSave) {
data/lokalize-20.08.2/src/catalog/catalog.cpp:567:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly))
data/lokalize-20.08.2/src/catalog/catalog.cpp:661:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Q_UNLIKELY(!file.open(QIODevice::WriteOnly))) //i18n("Wasn't able to open file %1",filename.ascii());
data/lokalize-20.08.2/src/catalog/catalog.cpp:703:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d._autoSave->open(QIODevice::WriteOnly)) {
data/lokalize-20.08.2/src/catalog/catalog.cpp:721:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buf.open(QIODevice::WriteOnly);
data/lokalize-20.08.2/src/catalog/gettext/catalogfileplugin.h:100:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ConversionStatus open(QIODevice*, GettextStorage* catalog, int* errorLine);
data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.cpp:71:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = importer.open(device, this, &errorLine);
data/lokalize-20.08.2/src/catalog/gettext/importplugin.cpp:104:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ConversionStatus CatalogImportPlugin::open(QIODevice* device, GettextStorage* catalog, int* line)
data/lokalize-20.08.2/src/glossary/glossary.cpp:77:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!device->open(QFile::ReadOnly | QFile::Text)) {
data/lokalize-20.08.2/src/glossary/glossary.cpp:126:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly | QFile::Text))
data/lokalize-20.08.2/src/glossary/glossary.cpp:145:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!device->open(QFile::WriteOnly | QFile::Truncate)) {
data/lokalize-20.08.2/src/lokalizemainwindow.cpp:827:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly))
data/lokalize-20.08.2/src/metadata/xliffextractor.cpp:146:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/lokalize-20.08.2/src/project/updatestatsjob.cpp:76:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Q_UNLIKELY(!db.open()))
data/lokalize-20.08.2/src/project/updatestatsjob.cpp:146:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1007:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_connectionSuccessful = db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1023:45: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_connectionSuccessful = db.open() && initSqliteDb(db);
data/lokalize-20.08.2/src/tm/jobs.cpp:1038:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!rdb.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/lokalize-20.08.2/src/tm/jobs.cpp:1057:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_connectionSuccessful = db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1080:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1957:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly | QFile::Text))
data/lokalize-20.08.2/src/tm/jobs.cpp:1996:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out.open(QFile::WriteOnly | QFile::Text))
data/lokalize-20.08.2/src/tm/jobs.cpp:2142:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qCWarning(LOKALIZE_LOG) << "ExecQueryJob db.open()=" << db.open();
data/lokalize-20.08.2/src/tm/qamodel.cpp:145:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/lokalize-20.08.2/src/tm/qamodel.cpp:173:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!device.open(QFile::WriteOnly | QFile::Truncate))
data/lokalize-20.08.2/src/tm/tmmanager.cpp:199:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!rdb.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Truncate))
ANALYSIS SUMMARY:
Hits = 34
Lines analyzed = 38762 in approximately 1.04 seconds (37306 lines/second)
Physical Source Lines of Code (SLOC) = 26089
Hits@level = [0] 0 [1] 0 [2] 26 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 34 [1+] 34 [2+] 34 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 1.30323 [1+] 1.30323 [2+] 1.30323 [3+] 0.306643 [4+] 0.306643 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.