Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qbrew-0.4.1/src/misc.h
Examining data/qbrew-0.4.1/src/style.h
Examining data/qbrew-0.4.1/src/recipe.cpp
Examining data/qbrew-0.4.1/src/notepage.h
Examining data/qbrew-0.4.1/src/miscmodel.h
Examining data/qbrew-0.4.1/src/quantity.h
Examining data/qbrew-0.4.1/src/qbrew.h
Examining data/qbrew-0.4.1/src/hydrometertool.h
Examining data/qbrew-0.4.1/src/configure.h
Examining data/qbrew-0.4.1/src/hop.cpp
Examining data/qbrew-0.4.1/src/ingredientview.h
Examining data/qbrew-0.4.1/src/miscdelegate.h
Examining data/qbrew-0.4.1/src/misc.cpp
Examining data/qbrew-0.4.1/src/textprinter.h
Examining data/qbrew-0.4.1/src/styledelegate.h
Examining data/qbrew-0.4.1/src/grain.cpp
Examining data/qbrew-0.4.1/src/datareader.h
Examining data/qbrew-0.4.1/src/helpviewer.cpp
Examining data/qbrew-0.4.1/src/hopmodel.h
Examining data/qbrew-0.4.1/src/data.h
Examining data/qbrew-0.4.1/src/configure.cpp
Examining data/qbrew-0.4.1/src/export.cpp
Examining data/qbrew-0.4.1/src/ingredientview.cpp
Examining data/qbrew-0.4.1/src/beerxmlreader.h
Examining data/qbrew-0.4.1/src/stylemodel.h
Examining data/qbrew-0.4.1/src/recipereader.cpp
Examining data/qbrew-0.4.1/src/styledelegate.cpp
Examining data/qbrew-0.4.1/src/hop.h
Examining data/qbrew-0.4.1/src/grain.h
Examining data/qbrew-0.4.1/src/databasetool.h
Examining data/qbrew-0.4.1/src/data.cpp
Examining data/qbrew-0.4.1/src/view.h
Examining data/qbrew-0.4.1/src/helpviewer.h
Examining data/qbrew-0.4.1/src/alcoholtool.h
Examining data/qbrew-0.4.1/src/hopdelegate.h
Examining data/qbrew-0.4.1/src/recipereader.h
Examining data/qbrew-0.4.1/src/style.cpp
Examining data/qbrew-0.4.1/src/graindelegate.h
Examining data/qbrew-0.4.1/src/notepage.cpp
Examining data/qbrew-0.4.1/src/recipe.h
Examining data/qbrew-0.4.1/src/quantity.cpp
Examining data/qbrew-0.4.1/src/alcoholtool.cpp
Examining data/qbrew-0.4.1/src/hydrometertool.cpp
Examining data/qbrew-0.4.1/src/hopdelegate.cpp
Examining data/qbrew-0.4.1/src/grainmodel.h
Examining data/qbrew-0.4.1/src/miscdelegate.cpp
Examining data/qbrew-0.4.1/src/textprinter.cpp
Examining data/qbrew-0.4.1/src/graindelegate.cpp
Examining data/qbrew-0.4.1/src/datareader.cpp
Examining data/qbrew-0.4.1/src/configstate.h
Examining data/qbrew-0.4.1/src/databasetool.cpp
Examining data/qbrew-0.4.1/src/grainmodel.cpp
Examining data/qbrew-0.4.1/src/hopmodel.cpp
Examining data/qbrew-0.4.1/src/main.cpp
Examining data/qbrew-0.4.1/src/miscmodel.cpp
Examining data/qbrew-0.4.1/src/qbrew.cpp
Examining data/qbrew-0.4.1/src/resource.h
Examining data/qbrew-0.4.1/src/stylemodel.cpp
Examining data/qbrew-0.4.1/src/view.cpp
Examining data/qbrew-0.4.1/src/beerxmlreader.cpp

FINAL RESULTS:

data/qbrew-0.4.1/src/helpviewer.cpp:105:26: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    switch (QLocale::system().country()) {
data/qbrew-0.4.1/src/main.cpp:141:45: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (translator.load("qbrew_" + QLocale::system().name(), transdir)) {
data/qbrew-0.4.1/src/main.cpp:147:44: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (qttranslator.load("qt_" + QLocale::system().name(), qttransdir)) {
data/qbrew-0.4.1/src/textprinter.cpp:49:22: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    switch (QLocale::system().country()) {
data/qbrew-0.4.1/src/view.cpp:284:31: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    QLocale locale = QLocale::system();
data/qbrew-0.4.1/src/data.cpp:192:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::ReadOnly | QFile::Text)) {
data/qbrew-0.4.1/src/data.cpp:234:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::WriteOnly | QFile::Text)) {
data/qbrew-0.4.1/src/export.cpp:63:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::WriteOnly | QFile::Text)) {
data/qbrew-0.4.1/src/export.cpp:261:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::WriteOnly | QFile::Text)) {
data/qbrew-0.4.1/src/export.cpp:375:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::WriteOnly | QFile::Text)) {
data/qbrew-0.4.1/src/export.cpp:408:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::ReadOnly | QFile::Text)) {
data/qbrew-0.4.1/src/recipe.cpp:124:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::ReadOnly | QFile::Text)) {
data/qbrew-0.4.1/src/recipe.cpp:142:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::ReadOnly | QFile::Text)) {
data/qbrew-0.4.1/src/recipe.cpp:161:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::ReadOnly | QFile::Text)) {
data/qbrew-0.4.1/src/recipe.cpp:217:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!datafile.open(QFile::WriteOnly | QFile::Text)) {
data/qbrew-0.4.1/src/hydrometertool.cpp:101:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    corr = read / corr;

ANALYSIS SUMMARY:

Hits = 16
Lines analyzed = 12667 in approximately 0.29 seconds (43913 lines/second)
Physical Source Lines of Code (SLOC) = 7500
Hits@level = [0] 0 [1] 1 [2] 10 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 16 [1+] 16 [2+] 15 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 2.13333 [1+] 2.13333 [2+] 2 [3+] 0.666667 [4+] 0.666667 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.