Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile_unix.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile_win.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsingleapplication.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsingleapplication.h
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsinglecoreapplication.cpp
Examining data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtsinglecoreapplication.h
Examining data/photoflare-1.6.6/src/Settings.cpp
Examining data/photoflare-1.6.6/src/Settings.h
Examining data/photoflare-1.6.6/src/dialogs/NewDialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/NewDialog.h
Examining data/photoflare-1.6.6/src/dialogs/aboutdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/aboutdialog.h
Examining data/photoflare-1.6.6/src/dialogs/batchdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/batchdialog.h
Examining data/photoflare-1.6.6/src/dialogs/checkupdatedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/checkupdatedialog.h
Examining data/photoflare-1.6.6/src/dialogs/colourmanagerdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/colourmanagerdialog.h
Examining data/photoflare-1.6.6/src/dialogs/compressiondialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/compressiondialog.h
Examining data/photoflare-1.6.6/src/dialogs/dropshadowdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/dropshadowdialog.h
Examining data/photoflare-1.6.6/src/dialogs/gradientdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/gradientdialog.h
Examining data/photoflare-1.6.6/src/dialogs/huedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/huedialog.h
Examining data/photoflare-1.6.6/src/dialogs/imagepropertiesdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/imagepropertiesdialog.h
Examining data/photoflare-1.6.6/src/dialogs/outerframedialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/outerframedialog.h
Examining data/photoflare-1.6.6/src/dialogs/plugindialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/plugindialog.h
Examining data/photoflare-1.6.6/src/dialogs/prefsdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/prefsdialog.h
Examining data/photoflare-1.6.6/src/dialogs/textdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/textdialog.h
Examining data/photoflare-1.6.6/src/dialogs/transparentdialog.cpp
Examining data/photoflare-1.6.6/src/dialogs/transparentdialog.h
Examining data/photoflare-1.6.6/src/main.cpp
Examining data/photoflare-1.6.6/src/mainwindow.cpp
Examining data/photoflare-1.6.6/src/mainwindow.h
Examining data/photoflare-1.6.6/src/managers/FilterManager.cpp
Examining data/photoflare-1.6.6/src/managers/FilterManager.h
Examining data/photoflare-1.6.6/src/managers/ToolManager.cpp
Examining data/photoflare-1.6.6/src/managers/ToolManager.h
Examining data/photoflare-1.6.6/src/progress/QProgressIndicator.cpp
Examining data/photoflare-1.6.6/src/progress/QProgressIndicator.h
Examining data/photoflare-1.6.6/src/progress/batchprogress.cpp
Examining data/photoflare-1.6.6/src/progress/batchprogress.h
Examining data/photoflare-1.6.6/src/toolSettings/BlurSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/BlurSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/LineSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/LineSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/MagicWandSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/MagicWandSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushAdvSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushAdvSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/PaintBrushSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/SmudgeSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/SmudgeSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/SprayCanSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/SprayCanSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/StampSettingsWidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/StampSettingsWidget.h
Examining data/photoflare-1.6.6/src/toolSettings/erasersettingswidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/erasersettingswidget.h
Examining data/photoflare-1.6.6/src/toolSettings/pointersettingswidget.cpp
Examining data/photoflare-1.6.6/src/toolSettings/pointersettingswidget.h
Examining data/photoflare-1.6.6/src/tools/BlurTool.cpp
Examining data/photoflare-1.6.6/src/tools/BlurTool.h
Examining data/photoflare-1.6.6/src/tools/ColourPickerTool.cpp
Examining data/photoflare-1.6.6/src/tools/ColourPickerTool.h
Examining data/photoflare-1.6.6/src/tools/EraserTool.cpp
Examining data/photoflare-1.6.6/src/tools/EraserTool.h
Examining data/photoflare-1.6.6/src/tools/LineTool.cpp
Examining data/photoflare-1.6.6/src/tools/LineTool.h
Examining data/photoflare-1.6.6/src/tools/MagicWandTool.cpp
Examining data/photoflare-1.6.6/src/tools/MagicWandTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBrushAdvTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBrushAdvTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBrushTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBrushTool.h
Examining data/photoflare-1.6.6/src/tools/PaintBucketTool.cpp
Examining data/photoflare-1.6.6/src/tools/PaintBucketTool.h
Examining data/photoflare-1.6.6/src/tools/PointerTool.cpp
Examining data/photoflare-1.6.6/src/tools/PointerTool.h
Examining data/photoflare-1.6.6/src/tools/SmudgeTool.cpp
Examining data/photoflare-1.6.6/src/tools/SmudgeTool.h
Examining data/photoflare-1.6.6/src/tools/SprayCanTool.cpp
Examining data/photoflare-1.6.6/src/tools/SprayCanTool.h
Examining data/photoflare-1.6.6/src/tools/StampTool.cpp
Examining data/photoflare-1.6.6/src/tools/StampTool.h
Examining data/photoflare-1.6.6/src/tools/TextTool.cpp
Examining data/photoflare-1.6.6/src/tools/TextTool.h
Examining data/photoflare-1.6.6/src/tools/Tool.cpp
Examining data/photoflare-1.6.6/src/tools/Tool.h
Examining data/photoflare-1.6.6/src/widgets/PaintWidget.cpp
Examining data/photoflare-1.6.6/src/widgets/PaintWidget.h
Examining data/photoflare-1.6.6/src/widgets/brushtypecombobox.cpp
Examining data/photoflare-1.6.6/src/widgets/brushtypecombobox.h
Examining data/photoflare-1.6.6/src/widgets/colorboxwidget.cpp
Examining data/photoflare-1.6.6/src/widgets/colorboxwidget.h
Examining data/photoflare-1.6.6/src/widgets/imagepositionwidget.cpp
Examining data/photoflare-1.6.6/src/widgets/imagepositionwidget.h
Examining data/photoflare-1.6.6/src/workers/BatchProcessWorker.cpp
Examining data/photoflare-1.6.6/src/workers/BatchProcessWorker.h
Examining data/photoflare-1.6.6/src/workers/filterworker.cpp
Examining data/photoflare-1.6.6/src/workers/filterworker.h
Examining data/photoflare-1.6.6/src/workers/filterworkermp.cpp
Examining data/photoflare-1.6.6/src/workers/filterworkermp.h
FINAL RESULTS:
data/photoflare-1.6.6/src/main.cpp:64:70: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString sysLanguage = QLocale::countryToString(QLocale::system().country());
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp:108:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockFile.open(QIODevice::ReadWrite);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp:123:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QtLockedFile::open(OpenMode mode)
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.cpp:129:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QFile::open(mode);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlockedfile.h:76:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode);
data/photoflare-1.6.6/src/managers/FilterManager.cpp:47:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::WriteOnly);
data/photoflare-1.6.6/external/qt-solutions/qtsingleapplication/qtlocalpeer.cpp:167:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res &= (socket.read(qstrlen(ack)) == ack);
data/photoflare-1.6.6/src/widgets/PaintWidget.cpp:306:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QImage raw = reader.read();
ANALYSIS SUMMARY:
Hits = 8
Lines analyzed = 16824 in approximately 0.47 seconds (36117 lines/second)
Physical Source Lines of Code (SLOC) = 11682
Hits@level = [0] 0 [1] 2 [2] 5 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 8 [1+] 8 [2+] 6 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.684814 [1+] 0.684814 [2+] 0.513611 [3+] 0.0856018 [4+] 0.0856018 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.