Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.h
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/echoserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/echoserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/qmlwebsocketclient/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/qmlwebsocketserver/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/chatserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/chatserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.h
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/main.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qdefaultmaskgenerator_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qsslserver_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocket_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketcorsauthenticator_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketdataprocessor_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketframe_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsockethandshakerequest_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsockethandshakeresponse_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketprotocol_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketserver_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qmaskgenerator.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qtwebsocketsversion.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocket.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketcorsauthenticator.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketprotocol.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsockets_global.h
Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qmlwebsockets_plugin.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qmlwebsockets_plugin.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocketserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocketserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qdefaultmaskgenerator_p.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qdefaultmaskgenerator_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qmaskgenerator.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qmaskgenerator.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qsslserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qsslserver_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_wasm_p.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketdataprocessor.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketdataprocessor_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakerequest.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakerequest_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakeresponse.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakeresponse_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockets_global.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver.h
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver_p.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver_p.h
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/qml/qmlwebsockets/tst_qmlwebsockets.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/qml/qmlwebsockets_compat/tst_qmlwebsockets_compat.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qdefaultmaskgenerator/tst_defaultmaskgenerator.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketcorsauthenticator/tst_qwebsocketcorsauthenticator.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketprotocol/tst_websocketprotocol.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp
Examining data/qtwebsockets-opensource-src-5.15.2/tests/manual/websockets/tst_websockets.cpp
FINAL RESULTS:
data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.cpp:65:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_webSocket.open(QUrl(url));
data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.cpp:64:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_webSocket.open(QUrl(url));
data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp:71:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
certFile.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp:72:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
keyFile.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:186:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:212:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:297:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open();
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:308:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QQmlWebSocket::open()
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:311:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_webSocket->open(m_url);
data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.h:115:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/qtwebsockets-opensource-src-5.15.2/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp:35:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("wss://myserver.at.home")));
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:422:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QWebSocket::open(const QUrl &url)
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:426:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->open(request, true);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:437:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QWebSocket::open(const QNetworkRequest &request)
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:440:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->open(request, true);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h:132:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QUrl &url);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h:133:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QNetworkRequest &request);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.cpp:374:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask)
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.h:159:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QNetworkRequest &request, bool mask);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_wasm_p.cpp:168:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask)
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:263:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[2] = {0};
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:271:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:365:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:415:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:433:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:546:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:601:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:699:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:733:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:776:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:809:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:838:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:868:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:897:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1381:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1487:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1527:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1881:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:303:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(url));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:372:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("ws://127.0.0.1:1/")));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:441:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:477:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:512:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() +
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:556:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() +
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:590:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() +
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:624:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(QUrl(QStringLiteral("ws://someserver.on.mars:9999")));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:650:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(req);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:689:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void onOpen(const QUrl &url) { open(url); }
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:798:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:827:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:855:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:378:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:462:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:511:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket1.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:517:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket2.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:522:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket3.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:578:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(server->serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:598:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(certFile.open(QIODevice::ReadOnly));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:599:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(keyFile.open(QIODevice::ReadOnly));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:622:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
plainSocket.open(plainServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:646:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
secureSocket.open(secureServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:671:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
webSocket.open(QStringLiteral("ws://localhost:%1").arg(tcpServer.serverPort()));
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:734:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(plainServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:764:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(plainServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:808:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
secureSocket.open(secureServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:830:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(plainServer.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:852:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
socket.open(server.serverUrl().toString());
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:198:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:329:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:495:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:607:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
buffer.open(QIODevice::ReadOnly);
data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:59:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
webSocket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:82:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
webSocket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:104:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
webSocket.open(url);
data/qtwebsockets-opensource-src-5.15.2/tests/manual/websockets/tst_websockets.cpp:100:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_pWebSocket->open(m_url);
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:264:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Q_UNLIKELY(pIoDevice->read(header, 2) < 2)) {
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:310:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(length), 2) < 2)) {
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:329:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(length), 8) < 8)) {
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:363:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(&m_mask), sizeof(m_mask)) < 4)) {
data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:387:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_payload = pIoDevice->read(int(m_length));
ANALYSIS SUMMARY:
Hits = 80
Lines analyzed = 16334 in approximately 0.53 seconds (30610 lines/second)
Physical Source Lines of Code (SLOC) = 9449
Hits@level = [0] 0 [1] 5 [2] 75 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 80 [1+] 80 [2+] 75 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.4665 [1+] 8.4665 [2+] 7.93735 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.