Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/lokalize-20.08.2/src/editorview.cpp
Examining data/lokalize-20.08.2/src/xlifftextedit.h
Examining data/lokalize-20.08.2/src/catalog/catalogstring.cpp
Examining data/lokalize-20.08.2/src/catalog/catalogcapabilities.h
Examining data/lokalize-20.08.2/src/catalog/gettextheader.cpp
Examining data/lokalize-20.08.2/src/catalog/catalog.h
Examining data/lokalize-20.08.2/src/catalog/phase.h
Examining data/lokalize-20.08.2/src/catalog/catalogstorage.h
Examining data/lokalize-20.08.2/src/catalog/xliff/xliffstorage.h
Examining data/lokalize-20.08.2/src/catalog/xliff/xliffstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/catalog.cpp
Examining data/lokalize-20.08.2/src/catalog/catalogstring.h
Examining data/lokalize-20.08.2/src/catalog/alttrans.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogfileplugin.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/importplugin_private.h
Examining data/lokalize-20.08.2/src/catalog/gettext/importplugin.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextimport.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextexport.h
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextexport.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/gettextimport.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/exportplugin.cpp
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem.h
Examining data/lokalize-20.08.2/src/catalog/gettext/catalogitem_private.h
Examining data/lokalize-20.08.2/src/catalog/cmd.h
Examining data/lokalize-20.08.2/src/catalog/phase.cpp
Examining data/lokalize-20.08.2/src/catalog/state.h
Examining data/lokalize-20.08.2/src/catalog/ts/tsstorage.cpp
Examining data/lokalize-20.08.2/src/catalog/ts/tsstorage.h
Examining data/lokalize-20.08.2/src/catalog/catalog_private.h
Examining data/lokalize-20.08.2/src/catalog/cmd.cpp
Examining data/lokalize-20.08.2/src/catalog/pos.h
Examining data/lokalize-20.08.2/src/catalog/note.h
Examining data/lokalize-20.08.2/src/catalog/pos.cpp
Examining data/lokalize-20.08.2/src/catalog/gettextheader.h
Examining data/lokalize-20.08.2/src/xlifftextedit.cpp
Examining data/lokalize-20.08.2/src/binunitsview.cpp
Examining data/lokalize-20.08.2/src/cataloglistview/cataloglistview.h
Examining data/lokalize-20.08.2/src/cataloglistview/catalogmodel.h
Examining data/lokalize-20.08.2/src/cataloglistview/cataloglistview.cpp
Examining data/lokalize-20.08.2/src/cataloglistview/catalogmodel.cpp
Examining data/lokalize-20.08.2/src/editorview.h
Examining data/lokalize-20.08.2/src/completionstorage.h
Examining data/lokalize-20.08.2/src/mergemode/mergecatalog.h
Examining data/lokalize-20.08.2/src/mergemode/mergeview.cpp
Examining data/lokalize-20.08.2/src/mergemode/mergecatalog.cpp
Examining data/lokalize-20.08.2/src/mergemode/mergeview.h
Examining data/lokalize-20.08.2/src/actionproxy.cpp
Examining data/lokalize-20.08.2/src/tests/gettextheadertest.cpp
Examining data/lokalize-20.08.2/src/tests/projectmodeltest.cpp
Examining data/lokalize-20.08.2/src/editortab.h
Examining data/lokalize-20.08.2/src/project/projectmodel.h
Examining data/lokalize-20.08.2/src/project/projectmodel.cpp
Examining data/lokalize-20.08.2/src/project/updatestatsjob.h
Examining data/lokalize-20.08.2/src/project/project.cpp
Examining data/lokalize-20.08.2/src/project/project.h
Examining data/lokalize-20.08.2/src/project/updatestatsjob.cpp
Examining data/lokalize-20.08.2/src/project/projecttab.h
Examining data/lokalize-20.08.2/src/project/projectwidget.h
Examining data/lokalize-20.08.2/src/project/projectwidget.cpp
Examining data/lokalize-20.08.2/src/project/kde-i18n-lists.h
Examining data/lokalize-20.08.2/src/project/projecttab.cpp
Examining data/lokalize-20.08.2/src/editortab.cpp
Examining data/lokalize-20.08.2/src/actionproxy.h
Examining data/lokalize-20.08.2/src/completionstorage.cpp
Examining data/lokalize-20.08.2/src/prefs/prefs.h
Examining data/lokalize-20.08.2/src/prefs/prefs.cpp
Examining data/lokalize-20.08.2/src/noteeditor.h
Examining data/lokalize-20.08.2/src/phaseswindow.h
Examining data/lokalize-20.08.2/src/metadata/xliffextractor.h
Examining data/lokalize-20.08.2/src/metadata/poextractor.h
Examining data/lokalize-20.08.2/src/metadata/filemetadata.cpp
Examining data/lokalize-20.08.2/src/metadata/xliffextractor.cpp
Examining data/lokalize-20.08.2/src/metadata/poextractor.cpp
Examining data/lokalize-20.08.2/src/metadata/filemetadata.h
Examining data/lokalize-20.08.2/src/syntaxhighlighter.cpp
Examining data/lokalize-20.08.2/src/tm/tmmanager.h
Examining data/lokalize-20.08.2/src/tm/tmview.h
Examining data/lokalize-20.08.2/src/tm/jobs.h
Examining data/lokalize-20.08.2/src/tm/qamodel.cpp
Examining data/lokalize-20.08.2/src/tm/qaview.cpp
Examining data/lokalize-20.08.2/src/tm/tmmanager.cpp
Examining data/lokalize-20.08.2/src/tm/tmview.cpp
Examining data/lokalize-20.08.2/src/tm/tmentry.h
Examining data/lokalize-20.08.2/src/tm/jobs.cpp
Examining data/lokalize-20.08.2/src/tm/dbfilesmodel.h
Examining data/lokalize-20.08.2/src/tm/qamodel.h
Examining data/lokalize-20.08.2/src/tm/dbfilesmodel.cpp
Examining data/lokalize-20.08.2/src/tm/tmtab.h
Examining data/lokalize-20.08.2/src/tm/tmtab.cpp
Examining data/lokalize-20.08.2/src/tm/tmscanapi.cpp
Examining data/lokalize-20.08.2/src/tm/rule.h
Examining data/lokalize-20.08.2/src/tm/tmscanapi.h
Examining data/lokalize-20.08.2/src/tm/qaview.h
Examining data/lokalize-20.08.2/src/binunitsview.h
Examining data/lokalize-20.08.2/src/editortab_findreplace.cpp
Examining data/lokalize-20.08.2/src/main.cpp
Examining data/lokalize-20.08.2/src/tools/widgettextcaptureconfig.cpp
Examining data/lokalize-20.08.2/src/tools/widgettextcaptureconfig.h
Examining data/lokalize-20.08.2/src/alttransview.cpp
Examining data/lokalize-20.08.2/src/msgctxtview.cpp
Examining data/lokalize-20.08.2/src/alttransview.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolgrammarerror.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolresultjob.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolparser.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolresultjob.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolparser.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolmanager.cpp
Examining data/lokalize-20.08.2/src/languagetool/languagetoolmanager.h
Examining data/lokalize-20.08.2/src/languagetool/languagetoolgrammarerror.cpp
Examining data/lokalize-20.08.2/src/syntaxhighlighter.h
Examining data/lokalize-20.08.2/src/multieditoradaptor.h
Examining data/lokalize-20.08.2/src/lokalizemainwindow.cpp
Examining data/lokalize-20.08.2/src/noteeditor.cpp
Examining data/lokalize-20.08.2/src/lokalizesubwindowbase.h
Examining data/lokalize-20.08.2/src/lokalizemainwindow.h
Examining data/lokalize-20.08.2/src/webquery/webqueryview.h
Examining data/lokalize-20.08.2/src/webquery/webquerycontroller.cpp
Examining data/lokalize-20.08.2/src/webquery/webqueryview.cpp
Examining data/lokalize-20.08.2/src/webquery/webquerycontroller.h
Examining data/lokalize-20.08.2/src/webquery/myactioncollectionview.cpp
Examining data/lokalize-20.08.2/src/webquery/myactioncollectionview.h
Examining data/lokalize-20.08.2/src/msgctxtview.h
Examining data/lokalize-20.08.2/src/glossary/glossaryview.h
Examining data/lokalize-20.08.2/src/glossary/glossaryview.cpp
Examining data/lokalize-20.08.2/src/glossary/glossary.cpp
Examining data/lokalize-20.08.2/src/glossary/tbxparser_obsolete.cpp
Examining data/lokalize-20.08.2/src/glossary/glossary.h
Examining data/lokalize-20.08.2/src/glossary/glossarywindow.h
Examining data/lokalize-20.08.2/src/glossary/tbxparser_obsolete.h
Examining data/lokalize-20.08.2/src/glossary/glossarywindow.cpp
Examining data/lokalize-20.08.2/src/phaseswindow.cpp
Examining data/lokalize-20.08.2/src/common/domroutines.h
Examining data/lokalize-20.08.2/src/common/languagelistmodel.h
Examining data/lokalize-20.08.2/src/common/headerviewmenu.cpp
Examining data/lokalize-20.08.2/src/common/diff.cpp
Examining data/lokalize-20.08.2/src/common/domroutines.cpp
Examining data/lokalize-20.08.2/src/common/fastsizehintitemdelegate.h
Examining data/lokalize-20.08.2/src/common/diff.h
Examining data/lokalize-20.08.2/src/common/stemming.cpp
Examining data/lokalize-20.08.2/src/common/termlabel.h
Examining data/lokalize-20.08.2/src/common/flowlayout.h
Examining data/lokalize-20.08.2/src/common/flowlayout.cpp
Examining data/lokalize-20.08.2/src/common/winhelpers.cpp
Examining data/lokalize-20.08.2/src/common/termlabel.cpp
Examining data/lokalize-20.08.2/src/common/fastsizehintitemdelegate.cpp
Examining data/lokalize-20.08.2/src/common/languagelistmodel.cpp
Examining data/lokalize-20.08.2/src/common/htmlhelpers.cpp
Examining data/lokalize-20.08.2/src/common/unixhelpers.cpp
Examining data/lokalize-20.08.2/src/common/headerviewmenu.h
Examining data/lokalize-20.08.2/src/common/stemming.h
Examining data/lokalize-20.08.2/src/filesearch/filesearchtab.h
Examining data/lokalize-20.08.2/src/filesearch/filesearchtab.cpp

FINAL RESULTS:

data/lokalize-20.08.2/src/common/languagelistmodel.cpp:144:25:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  return QLocale::system().name();
data/lokalize-20.08.2/src/common/unixhelpers.cpp:6:30:  [4] (misc) getlogin:
  It's often easy to fool getlogin. Sometimes it does not work at all, because
  some program messed up the utmp file. Often, it gives only the first 8
  characters of the login name. The user currently logged in on the controlling
  tty of our program need not be the user who started it. Avoid getlogin() for
  security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the
  desired information instead.
  return QString::fromUtf8(getlogin());
data/lokalize-20.08.2/src/editortab.cpp:215:45:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  QLocale::Language systemLang = QLocale::system().language();
data/lokalize-20.08.2/src/prefs/prefs.cpp:112:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  QLocale::system().name())));
data/lokalize-20.08.2/src/project/project.cpp:70:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  QString lang = QLocale::system().name();
data/lokalize-20.08.2/src/project/project.cpp:185:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  setLangCode(QLocale::system().name());
data/lokalize-20.08.2/src/project/project.cpp:356:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  setLangCode(QLocale::system().name());
data/lokalize-20.08.2/src/project/projectwidget.cpp:135:61:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  return QStyledItemDelegate::displayText(value, QLocale::system());
data/lokalize-20.08.2/src/catalog/catalog.cpp:543:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (stale->open(QIODevice::ReadOnly) && !autoSave) {
data/lokalize-20.08.2/src/catalog/catalog.cpp:567:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/lokalize-20.08.2/src/catalog/catalog.cpp:661:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (Q_UNLIKELY(!file.open(QIODevice::WriteOnly))) //i18n("Wasn't able to open file %1",filename.ascii());
data/lokalize-20.08.2/src/catalog/catalog.cpp:703:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!d._autoSave->open(QIODevice::WriteOnly)) {
data/lokalize-20.08.2/src/catalog/catalog.cpp:721:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  buf.open(QIODevice::WriteOnly);
data/lokalize-20.08.2/src/catalog/gettext/catalogfileplugin.h:100:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ConversionStatus open(QIODevice*, GettextStorage* catalog, int* errorLine);
data/lokalize-20.08.2/src/catalog/gettext/gettextstorage.cpp:71:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  status = importer.open(device, this, &errorLine);
data/lokalize-20.08.2/src/catalog/gettext/importplugin.cpp:104:39:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  ConversionStatus CatalogImportPlugin::open(QIODevice* device, GettextStorage* catalog, int* line)
data/lokalize-20.08.2/src/glossary/glossary.cpp:77:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!device->open(QFile::ReadOnly | QFile::Text)) {
data/lokalize-20.08.2/src/glossary/glossary.cpp:126:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!file.open(QFile::ReadOnly | QFile::Text))
data/lokalize-20.08.2/src/glossary/glossary.cpp:145:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!device->open(QFile::WriteOnly | QFile::Truncate)) {
data/lokalize-20.08.2/src/lokalizemainwindow.cpp:827:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!f.open(QIODevice::WriteOnly))
data/lokalize-20.08.2/src/metadata/xliffextractor.cpp:146:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/lokalize-20.08.2/src/project/updatestatsjob.cpp:76:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (Q_UNLIKELY(!db.open()))
data/lokalize-20.08.2/src/project/updatestatsjob.cpp:146:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1007:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  m_connectionSuccessful = db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1023:45:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  m_connectionSuccessful = db.open() && initSqliteDb(db);
data/lokalize-20.08.2/src/tm/jobs.cpp:1038:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!rdb.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/lokalize-20.08.2/src/tm/jobs.cpp:1057:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  m_connectionSuccessful = db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1080:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  db.open();
data/lokalize-20.08.2/src/tm/jobs.cpp:1957:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!file.open(QFile::ReadOnly | QFile::Text))
data/lokalize-20.08.2/src/tm/jobs.cpp:1996:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!out.open(QFile::WriteOnly | QFile::Text))
data/lokalize-20.08.2/src/tm/jobs.cpp:2142:68:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  qCWarning(LOKALIZE_LOG) << "ExecQueryJob db.open()=" << db.open();
data/lokalize-20.08.2/src/tm/qamodel.cpp:145:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/lokalize-20.08.2/src/tm/qamodel.cpp:173:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!device.open(QFile::WriteOnly | QFile::Truncate))
data/lokalize-20.08.2/src/tm/tmmanager.cpp:199:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  if (!rdb.open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Truncate))

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 38762 in approximately 1.04 seconds (37306 lines/second)
Physical Source Lines of Code (SLOC) = 26089
Hits@level = [0]   0 [1]   0 [2]  26 [3]   0 [4]   8 [5]   0
Hits@level+ = [0+]  34 [1+]  34 [2+]  34 [3+]   8 [4+]   8 [5+]   0
Hits/KSLOC@level+ = [0+] 1.30323 [1+] 1.30323 [2+] 1.30323 [3+] 0.306643 [4+] 0.306643 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.