Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minitube-3.6.1/lib/idle/src/idle.h
Examining data/minitube-3.6.1/lib/idle/src/idle_linux.cpp
Examining data/minitube-3.6.1/lib/idle/src/idle_mac.cpp
Examining data/minitube-3.6.1/lib/idle/src/idle_win.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/appcastparser.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/defaultupdater.h
Examining data/minitube-3.6.1/lib/updater/src/impl/dialog.h
Examining data/minitube-3.6.1/lib/updater/src/impl/appcastparser.h
Examining data/minitube-3.6.1/lib/updater/src/impl/parser.h
Examining data/minitube-3.6.1/lib/updater/src/impl/downloader.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/dialog.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/runinstaller.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/checker.h
Examining data/minitube-3.6.1/lib/updater/src/impl/defaultupdater.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/installer.h
Examining data/minitube-3.6.1/lib/updater/src/impl/downloader.h
Examining data/minitube-3.6.1/lib/updater/src/impl/runinstaller.h
Examining data/minitube-3.6.1/lib/updater/src/impl/checker.cpp
Examining data/minitube-3.6.1/lib/updater/src/impl/simplexmlparser.h
Examining data/minitube-3.6.1/lib/updater/src/impl/simplexmlparser.cpp
Examining data/minitube-3.6.1/lib/updater/src/updater.cpp
Examining data/minitube-3.6.1/lib/updater/src/updater.h
Examining data/minitube-3.6.1/lib/updater/src/sparkle/sparkleupdater.h
Examining data/minitube-3.6.1/lib/http/src/throttledhttp.cpp
Examining data/minitube-3.6.1/lib/http/src/http.h
Examining data/minitube-3.6.1/lib/http/src/httpreply.h
Examining data/minitube-3.6.1/lib/http/src/cachedhttp.h
Examining data/minitube-3.6.1/lib/http/src/localcache.h
Examining data/minitube-3.6.1/lib/http/src/networkhttpreply.cpp
Examining data/minitube-3.6.1/lib/http/src/localcache.cpp
Examining data/minitube-3.6.1/lib/http/src/http.cpp
Examining data/minitube-3.6.1/lib/http/src/httprequest.h
Examining data/minitube-3.6.1/lib/http/src/httpreply.cpp
Examining data/minitube-3.6.1/lib/http/src/cachedhttp.cpp
Examining data/minitube-3.6.1/lib/http/src/networkhttpreply.h
Examining data/minitube-3.6.1/lib/http/src/throttledhttp.h
Examining data/minitube-3.6.1/lib/media/src/media.h
Examining data/minitube-3.6.1/lib/media/src/mpv/mpvwidget.cpp
Examining data/minitube-3.6.1/lib/media/src/mpv/mpvwidget.h
Examining data/minitube-3.6.1/lib/media/src/mpv/mediampv.h
Examining data/minitube-3.6.1/lib/media/src/mpv/qthelper.hpp
Examining data/minitube-3.6.1/lib/media/src/mpv/mediampv.cpp
Examining data/minitube-3.6.1/lib/media/src/qtav/mediaqtav.cpp
Examining data/minitube-3.6.1/lib/media/src/qtav/mediaqtav.h
Examining data/minitube-3.6.1/src/globalshortcutbackend.cpp
Examining data/minitube-3.6.1/src/videodefinition.cpp
Examining data/minitube-3.6.1/src/autocomplete.cpp
Examining data/minitube-3.6.1/src/searchparams.h
Examining data/minitube-3.6.1/src/ytregions.cpp
Examining data/minitube-3.6.1/src/playlistmodel.cpp
Examining data/minitube-3.6.1/src/minisplitter.h
Examining data/minitube-3.6.1/src/snapshotpreview.h
Examining data/minitube-3.6.1/src/searchlineedit.cpp
Examining data/minitube-3.6.1/src/channellistview.h
Examining data/minitube-3.6.1/src/segmentedcontrol.cpp
Examining data/minitube-3.6.1/src/searchwidget.h
Examining data/minitube-3.6.1/src/ytjs/ytjssinglevideosource.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjsnamfactory.h
Examining data/minitube-3.6.1/src/ytjs/ytjschannel.h
Examining data/minitube-3.6.1/src/ytjs/ytjsnamfactory.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjs.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjs.h
Examining data/minitube-3.6.1/src/ytjs/ytjssearch.h
Examining data/minitube-3.6.1/src/ytjs/ytjssearch.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjsvideo.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjssinglevideosource.h
Examining data/minitube-3.6.1/src/ytjs/ytjschannelsource.h
Examining data/minitube-3.6.1/src/ytjs/ytjschannel.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjschannelsource.cpp
Examining data/minitube-3.6.1/src/ytjs/ytjsvideo.h
Examining data/minitube-3.6.1/src/appwidget.cpp
Examining data/minitube-3.6.1/src/sidebarheader.cpp
Examining data/minitube-3.6.1/src/channelsview.h
Examining data/minitube-3.6.1/src/downloadsettings.cpp
Examining data/minitube-3.6.1/src/channelitemdelegate.cpp
Examining data/minitube-3.6.1/src/httputils.h
Examining data/minitube-3.6.1/src/iconutils.h
Examining data/minitube-3.6.1/src/channelaggregator.h
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile_win.cpp
Examining data/minitube-3.6.1/src/qtsingleapplication/qtsingleapplication.h
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlocalpeer.h
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlocalpeer.cpp
Examining data/minitube-3.6.1/src/qtsingleapplication/qtsinglecoreapplication.h
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile_unix.cpp
Examining data/minitube-3.6.1/src/qtsingleapplication/qtsinglecoreapplication.cpp
Examining data/minitube-3.6.1/src/qtsingleapplication/qtsingleapplication.cpp
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile.h
Examining data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile.cpp
Examining data/minitube-3.6.1/src/ytsinglevideosource.cpp
Examining data/minitube-3.6.1/src/ytvideo.cpp
Examining data/minitube-3.6.1/src/mainwindow.h
Examining data/minitube-3.6.1/src/yt3.cpp
Examining data/minitube-3.6.1/src/regionsview.h
Examining data/minitube-3.6.1/src/downloadmanager.h
Examining data/minitube-3.6.1/src/mediaview.cpp
Examining data/minitube-3.6.1/src/globalshortcuts.cpp
Examining data/minitube-3.6.1/src/spacer.h
Examining data/minitube-3.6.1/src/sharetoolbar.cpp
Examining data/minitube-3.6.1/src/channelview.h
Examining data/minitube-3.6.1/src/loadingwidget.h
Examining data/minitube-3.6.1/src/channelaggregator.cpp
Examining data/minitube-3.6.1/src/aboutview.h
Examining data/minitube-3.6.1/src/ytregions.h
Examining data/minitube-3.6.1/src/channelsview.cpp
Examining data/minitube-3.6.1/src/yt3.h
Examining data/minitube-3.6.1/src/paginatedvideosource.h
Examining data/minitube-3.6.1/src/searchview.cpp
Examining data/minitube-3.6.1/src/toolbarmenu.cpp
Examining data/minitube-3.6.1/src/ytchannel.cpp
Examining data/minitube-3.6.1/src/messagebar.h
Examining data/minitube-3.6.1/src/channelitemdelegate.h
Examining data/minitube-3.6.1/src/downloaditem.h
Examining data/minitube-3.6.1/src/playlistmodel.h
Examining data/minitube-3.6.1/src/clickablelabel.cpp
Examining data/minitube-3.6.1/src/standardfeedsview.h
Examining data/minitube-3.6.1/src/standardfeedsview.cpp
Examining data/minitube-3.6.1/src/constants.cpp
Examining data/minitube-3.6.1/src/ytchannel.h
Examining data/minitube-3.6.1/src/videoarea.cpp
Examining data/minitube-3.6.1/src/videomimedata.h
Examining data/minitube-3.6.1/src/sidebarwidget.h
Examining data/minitube-3.6.1/src/sidebarwidget.cpp
Examining data/minitube-3.6.1/src/httputils.cpp
Examining data/minitube-3.6.1/src/gridwidget.h
Examining data/minitube-3.6.1/src/playlistsuggest.cpp
Examining data/minitube-3.6.1/src/videosourcewidget.h
Examining data/minitube-3.6.1/src/downloadview.h
Examining data/minitube-3.6.1/src/updateutils.cpp
Examining data/minitube-3.6.1/src/downloadlistview.h
Examining data/minitube-3.6.1/src/channelsuggest.h
Examining data/minitube-3.6.1/src/homeview.cpp
Examining data/minitube-3.6.1/src/downloadmodel.h
Examining data/minitube-3.6.1/src/refinesearchwidget.h
Examining data/minitube-3.6.1/src/video.cpp
Examining data/minitube-3.6.1/src/view.h
Examining data/minitube-3.6.1/src/sidebarheader.h
Examining data/minitube-3.6.1/src/channelsitemdelegate.cpp
Examining data/minitube-3.6.1/src/messagebar.cpp
Examining data/minitube-3.6.1/src/channelsitemdelegate.h
Examining data/minitube-3.6.1/src/datautils.cpp
Examining data/minitube-3.6.1/src/updateutils.h
Examining data/minitube-3.6.1/src/videosource.cpp
Examining data/minitube-3.6.1/src/snapshotsettings.cpp
Examining data/minitube-3.6.1/src/homeview.h
Examining data/minitube-3.6.1/src/mainwindow.cpp
Examining data/minitube-3.6.1/src/playlistview.h
Examining data/minitube-3.6.1/src/mediaview.h
Examining data/minitube-3.6.1/src/diskcache.h
Examining data/minitube-3.6.1/src/segmentedcontrol.h
Examining data/minitube-3.6.1/src/constants.h
Examining data/minitube-3.6.1/src/playlistitemdelegate.h
Examining data/minitube-3.6.1/src/waitingspinnerwidget.h
Examining data/minitube-3.6.1/src/database.cpp
Examining data/minitube-3.6.1/src/channelwidget.cpp
Examining data/minitube-3.6.1/src/waitingspinnerwidget.cpp
Examining data/minitube-3.6.1/src/playlistsuggest.h
Examining data/minitube-3.6.1/src/clickablelabel.h
Examining data/minitube-3.6.1/src/globalshortcutbackend.h
Examining data/minitube-3.6.1/src/minisplitter.cpp
Examining data/minitube-3.6.1/src/snapshotsettings.h
Examining data/minitube-3.6.1/src/refinesearchwidget.cpp
Examining data/minitube-3.6.1/src/appwidget.h
Examining data/minitube-3.6.1/src/yt3listparser.h
Examining data/minitube-3.6.1/src/videodefinition.h
Examining data/minitube-3.6.1/src/playlistitemdelegate.cpp
Examining data/minitube-3.6.1/src/ytcategories.h
Examining data/minitube-3.6.1/src/invidious/ivsinglevideosource.cpp
Examining data/minitube-3.6.1/src/invidious/ivchannel.h
Examining data/minitube-3.6.1/src/invidious/ivchannelsource.h
Examining data/minitube-3.6.1/src/invidious/invidious.h
Examining data/minitube-3.6.1/src/invidious/ivvideolist.h
Examining data/minitube-3.6.1/src/invidious/ivsinglevideosource.h
Examining data/minitube-3.6.1/src/invidious/ivsearch.h
Examining data/minitube-3.6.1/src/invidious/ivchannel.cpp
Examining data/minitube-3.6.1/src/invidious/ivlistparser.cpp
Examining data/minitube-3.6.1/src/invidious/ivvideosource.h
Examining data/minitube-3.6.1/src/invidious/ivvideosource.cpp
Examining data/minitube-3.6.1/src/invidious/ivlistparser.h
Examining data/minitube-3.6.1/src/invidious/ivsearch.cpp
Examining data/minitube-3.6.1/src/invidious/ivvideolist.cpp
Examining data/minitube-3.6.1/src/invidious/invidious.cpp
Examining data/minitube-3.6.1/src/invidious/ivchannelsource.cpp
Examining data/minitube-3.6.1/src/database.h
Examining data/minitube-3.6.1/src/channelsmodel.h
Examining data/minitube-3.6.1/src/diskcache.cpp
Examining data/minitube-3.6.1/src/video.h
Examining data/minitube-3.6.1/src/ytsuggester.h
Examining data/minitube-3.6.1/src/ytstandardfeed.h
Examining data/minitube-3.6.1/src/painterutils.h
Examining data/minitube-3.6.1/src/playlistview.cpp
Examining data/minitube-3.6.1/src/datautils.h
Examining data/minitube-3.6.1/src/snapshotpreview.cpp
Examining data/minitube-3.6.1/src/ytcategories.cpp
Examining data/minitube-3.6.1/src/jsfunctions.cpp
Examining data/minitube-3.6.1/src/suggester.h
Examining data/minitube-3.6.1/src/refinesearchbutton.cpp
Examining data/minitube-3.6.1/src/regionsview.cpp
Examining data/minitube-3.6.1/src/channelwidget.h
Examining data/minitube-3.6.1/src/iconutils.cpp
Examining data/minitube-3.6.1/src/downloadmodel.cpp
Examining data/minitube-3.6.1/src/videoarea.h
Examining data/minitube-3.6.1/src/channelmodel.h
Examining data/minitube-3.6.1/src/videomimedata.cpp
Examining data/minitube-3.6.1/src/painterutils.cpp
Examining data/minitube-3.6.1/src/aggregatevideosource.cpp
Examining data/minitube-3.6.1/src/toolbarmenu.h
Examining data/minitube-3.6.1/src/ytvideo.h
Examining data/minitube-3.6.1/src/channellistview.cpp
Examining data/minitube-3.6.1/src/videoapi.h
Examining data/minitube-3.6.1/src/downloadsettings.h
Examining data/minitube-3.6.1/src/aboutview.cpp
Examining data/minitube-3.6.1/src/ytsearch.h
Examining data/minitube-3.6.1/src/searchparams.cpp
Examining data/minitube-3.6.1/src/spacer.cpp
Examining data/minitube-3.6.1/src/yt3listparser.cpp
Examining data/minitube-3.6.1/src/fontutils.h
Examining data/minitube-3.6.1/src/gnomeglobalshortcutbackend.h
Examining data/minitube-3.6.1/src/channelsuggest.cpp
Examining data/minitube-3.6.1/src/globalshortcuts.h
Examining data/minitube-3.6.1/src/videosource.h
Examining data/minitube-3.6.1/src/ytstandardfeed.cpp
Examining data/minitube-3.6.1/src/seekslider.h
Examining data/minitube-3.6.1/src/channelsmodel.cpp
Examining data/minitube-3.6.1/src/loadingwidget.cpp
Examining data/minitube-3.6.1/src/sharetoolbar.h
Examining data/minitube-3.6.1/src/refinesearchbutton.h
Examining data/minitube-3.6.1/src/downloadmanager.cpp
Examining data/minitube-3.6.1/src/ytsearch.cpp
Examining data/minitube-3.6.1/src/searchlineedit.h
Examining data/minitube-3.6.1/src/main.cpp
Examining data/minitube-3.6.1/src/searchview.h
Examining data/minitube-3.6.1/src/ytsinglevideosource.h
Examining data/minitube-3.6.1/src/downloadview.cpp
Examining data/minitube-3.6.1/src/gridwidget.cpp
Examining data/minitube-3.6.1/src/aggregatevideosource.h
Examining data/minitube-3.6.1/src/channelview.cpp
Examining data/minitube-3.6.1/src/ytsuggester.cpp
Examining data/minitube-3.6.1/src/gnomeglobalshortcutbackend.cpp
Examining data/minitube-3.6.1/src/paginatedvideosource.cpp
Examining data/minitube-3.6.1/src/fontutils.cpp
Examining data/minitube-3.6.1/src/downloaditem.cpp
Examining data/minitube-3.6.1/src/jsfunctions.h
Examining data/minitube-3.6.1/src/autocomplete.h
Examining data/minitube-3.6.1/src/channelmodel.cpp
Examining data/minitube-3.6.1/src/downloadlistview.cpp
Examining data/minitube-3.6.1/src/seekslider.cpp
Examining data/minitube-3.6.1/src/videosourcewidget.cpp
Examining data/minitube-3.6.1/src/temporary.cpp
Examining data/minitube-3.6.1/src/temporary.h

FINAL RESULTS:

data/minitube-3.6.1/src/datautils.cpp:31:33: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return regioneCode(QLocale::system());
data/minitube-3.6.1/src/datautils.cpp:94:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (hours == 0) return res.sprintf("%d:%02d", minutes, seconds);
data/minitube-3.6.1/src/datautils.cpp:95:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return res.sprintf("%d:%02d:%02d", hours, minutes, seconds);
data/minitube-3.6.1/src/main.cpp:118:55: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  qtTranslator.load(QLatin1String("qt_") + QLocale::system().name(),
data/minitube-3.6.1/src/main.cpp:136:61: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  qDebug() << "Using locale dir" << localeDir << QLocale::system();
data/minitube-3.6.1/src/main.cpp:138:30: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  translator.load(QLocale::system(), QString(), QString(), localeDir);
data/minitube-3.6.1/src/mainwindow.cpp:1655:32: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  if (hours == 0) return res.sprintf("%02d:%02d", minutes, seconds);
data/minitube-3.6.1/src/mainwindow.cpp:1656:16: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return res.sprintf("%02d:%02d:%02d", hours, minutes, seconds);
data/minitube-3.6.1/src/ytcategories.cpp:32:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  language = QLocale::system().uiLanguages().at(0);
data/minitube-3.6.1/src/ytregions.cpp:89:36: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString country = QLocale::system().name().right(2);
data/minitube-3.6.1/src/ytsuggester.cpp:32:31: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QString locale = QLocale::system().uiLanguages().at(0);
data/minitube-3.6.1/lib/http/src/localcache.cpp:58:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/minitube-3.6.1/lib/http/src/localcache.cpp:74:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/minitube-3.6.1/lib/http/src/localcache.cpp:94:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/minitube-3.6.1/lib/media/src/mpv/qthelper.hpp:139:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(r, b.data(), b.size() + 1);
data/minitube-3.6.1/lib/media/src/qtav/mediaqtav.cpp:184:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!audio->isOpen()) audio->open();
data/minitube-3.6.1/lib/updater/src/impl/downloader.cpp:23:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadWrite)) {
data/minitube-3.6.1/src/database.cpp:164:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!connection.open()) {
data/minitube-3.6.1/src/downloaditem.cpp:178:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void DownloadItem::open() {
data/minitube-3.6.1/src/downloaditem.cpp:203:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!m_file.open(QIODevice::ReadWrite)) {
data/minitube-3.6.1/src/downloaditem.h:74:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/minitube-3.6.1/src/downloadsettings.cpp:65:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dialog->open(this, SLOT(folderChosen(const QString &)));
data/minitube-3.6.1/src/jsfunctions.cpp:36:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text))
data/minitube-3.6.1/src/jsfunctions.cpp:93:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {
data/minitube-3.6.1/src/main.cpp:110:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cssFile.open(QFile::ReadOnly);
data/minitube-3.6.1/src/qtsingleapplication/qtlocalpeer.cpp:108:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lockFile.open(QIODevice::ReadWrite);
data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile.cpp:123:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool QtLockedFile::open(OpenMode mode)
data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile.cpp:129:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return QFile::open(mode);
data/minitube-3.6.1/src/qtsingleapplication/qtlockedfile.h:76:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(OpenMode mode);
data/minitube-3.6.1/src/snapshotsettings.cpp:104:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dialog->open(this, SLOT(folderChosen(const QString &)));
data/minitube-3.6.1/src/temporary.cpp:38:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempfile->open();
data/minitube-3.6.1/src/ytchannel.cpp:195:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly))
data/minitube-3.6.1/lib/http/src/localcache.cpp:5:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto i = instances.constFind(QByteArray::fromRawData(name, strlen(name)));
data/minitube-3.6.1/lib/http/src/localcache.cpp:39:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p.append(h.constData() + 2, strlen(h.constData()) - 2); // p.append(h.mid(2));
data/minitube-3.6.1/src/iconutils.cpp:98:60: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto i = cache.constFind(QByteArray::fromRawData(name, strlen(name)));
data/minitube-3.6.1/src/mainwindow.cpp:1933:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return actionMap.value(QByteArray::fromRawData(name, strlen(name)));
data/minitube-3.6.1/src/mainwindow.cpp:1941:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return menuMap.value(QByteArray::fromRawData(name, strlen(name)));
data/minitube-3.6.1/src/qtsingleapplication/qtlocalpeer.cpp:167:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  res &= (socket.read(qstrlen(ack)) == ack);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 26894 in approximately 0.69 seconds (39123 lines/second)
Physical Source Lines of Code (SLOC) = 18884
Hits@level = [0] 0 [1] 6 [2] 21 [3] 0 [4] 11 [5] 0
Hits@level+ = [0+] 38 [1+] 38 [2+] 32 [3+] 11 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 2.01229 [1+] 2.01229 [2+] 1.69456 [3+] 0.582504 [4+] 0.582504 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.