stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ministocks-0+git20200120/StockTicker/dialogs/About.cpp
Examining data/ministocks-0+git20200120/StockTicker/dialogs/About.h
Examining data/ministocks-0+git20200120/StockTicker/dialogs/MainWindow.cpp
Examining data/ministocks-0+git20200120/StockTicker/dialogs/MainWindow.h
Examining data/ministocks-0+git20200120/StockTicker/dialogs/SettingsDialog.cpp
Examining data/ministocks-0+git20200120/StockTicker/dialogs/SettingsDialog.h
Examining data/ministocks-0+git20200120/StockTicker/file/File.cpp
Examining data/ministocks-0+git20200120/StockTicker/file/File.h
Examining data/ministocks-0+git20200120/StockTicker/main.cpp
Examining data/ministocks-0+git20200120/StockTicker/ticker/Ticker.cpp
Examining data/ministocks-0+git20200120/StockTicker/ticker/Ticker.h
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerInfoDownloader.cpp
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerInfoDownloader.h
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerItem.cpp
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerItem.h
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerRefreshThread.cpp
Examining data/ministocks-0+git20200120/StockTicker/ticker/TickerRefreshThread.h
Examining data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp
Examining data/ministocks-0+git20200120/StockTicker/unittests/unittestmain.cpp

FINAL RESULTS:

data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:8467:18:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            std::srand( config.rngSeed() );
data/ministocks-0+git20200120/StockTicker/file/File.cpp:39:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open(QIODevice::ReadOnly);
data/ministocks-0+git20200120/StockTicker/file/File.cpp:56:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open(QIODevice::WriteOnly);
data/ministocks-0+git20200120/StockTicker/ticker/TickerInfoDownloader.cpp:39:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fp = fopen(filepath.toLatin1().data(), "wb");
data/ministocks-0+git20200120/StockTicker/ticker/TickerInfoDownloader.cpp:68:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file.open(QIODevice::WriteOnly);
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:1295:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char timeStamp[timeStampSize];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:3560:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        alignas(alignof(T)) char storage[sizeof(T)];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:4018:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:4586:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        void open();
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:7954:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        std::memcpy(&i, &f, sizeof(f));
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:7963:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        std::memcpy(&i, &d, sizeof(d));
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:8283:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char m_buffer[L_tmpnam] = { 0 };
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:8354:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[100];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:8363:23:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
        m_file = std::tmpfile();
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:8387:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[100] = {};
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9469:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char **utf8Argv = new char *[ argc ];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9591:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char data[bufferSize];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9640:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                m_ofs.open( filename.c_str() );
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9890:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( m_data, m_start, m_size );
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:10403:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void TrackerBase::open() {
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:10492:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            open();
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:10531:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            tracker->open();
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:10819:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char asChar[sizeof (int)];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:11463:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[maxDoubleSize];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:11470:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(buffer, "%.3f", duration);
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:12038:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open() {
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:12067:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        tp.open();
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:12413:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char timeStamp[timeStampSize];
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9492:36:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            static_cast<void>(std::getchar());
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9497:36:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            static_cast<void>(std::getchar());
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9778:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9784:50:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/ministocks-0+git20200120/StockTicker/unittests/catch.hpp:9858:67:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 14454 in approximately 0.28 seconds (52475 lines/second)
Physical Source Lines of Code (SLOC) = 10759
Hits@level = [0]   0 [1]   5 [2]  27 [3]   1 [4]   0 [5]   0
Hits@level+ = [0+]  33 [1+]  33 [2+]  28 [3+]   1 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 3.0672 [1+] 3.0672 [2+] 2.60247 [3+] 0.0929454 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.