Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.h Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/echoserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/echoserver.h Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoserver/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/qmlwebsocketclient/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/qmlwebsocketserver/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/chatserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/chatserver.h Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/simplechat/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.h Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/main.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qdefaultmaskgenerator_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qsslserver_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocket_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketcorsauthenticator_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketdataprocessor_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketframe_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsockethandshakerequest_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsockethandshakeresponse_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketprotocol_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/5.15.2/QtWebSockets/private/qwebsocketserver_p.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qmaskgenerator.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qtwebsocketsversion.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocket.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketcorsauthenticator.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketprotocol.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsockets_global.h Examining data/qtwebsockets-opensource-src-5.15.2/include/QtWebSockets/qwebsocketserver.h Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qmlwebsockets_plugin.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qmlwebsockets_plugin.h Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.h Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocketserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocketserver.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qdefaultmaskgenerator_p.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qdefaultmaskgenerator_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qmaskgenerator.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qmaskgenerator.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qsslserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qsslserver_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_wasm_p.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketcorsauthenticator_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketdataprocessor.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketdataprocessor_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakerequest.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakerequest_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakeresponse.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockethandshakeresponse_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketprotocol_p.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsockets_global.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver.h Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver_p.cpp Examining data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketserver_p.h Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/qml/qmlwebsockets/tst_qmlwebsockets.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/qml/qmlwebsockets_compat/tst_qmlwebsockets_compat.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/handshakerequest/tst_handshakerequest.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/handshakeresponse/tst_handshakeresponse.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qdefaultmaskgenerator/tst_defaultmaskgenerator.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketcorsauthenticator/tst_qwebsocketcorsauthenticator.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketprotocol/tst_websocketprotocol.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp Examining data/qtwebsockets-opensource-src-5.15.2/tests/manual/websockets/tst_websockets.cpp FINAL RESULTS: data/qtwebsockets-opensource-src-5.15.2/examples/websockets/echoclient/echoclient.cpp:65:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_webSocket.open(QUrl(url)); data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoclient/sslechoclient.cpp:64:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_webSocket.open(QUrl(url)); data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp:71:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). certFile.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/examples/websockets/sslechoserver/sslechoserver.cpp:72:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). keyFile.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:186:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:212:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:297:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(); data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:308:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QQmlWebSocket::open() data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.cpp:311:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_webSocket->open(m_url); data/qtwebsockets-opensource-src-5.15.2/src/imports/qmlwebsockets/qqmlwebsocket.h:115:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(); data/qtwebsockets-opensource-src-5.15.2/src/websockets/doc/snippets/src_websockets_ssl_qwebsocket.cpp:35:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("wss://myserver.at.home"))); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:422:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QWebSocket::open(const QUrl &url) data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:426:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d->open(request, true); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:437:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QWebSocket::open(const QNetworkRequest &request) data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.cpp:440:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d->open(request, true); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h:132:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const QUrl &url); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket.h:133:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const QNetworkRequest &request); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.cpp:374:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_p.h:159:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const QNetworkRequest &request, bool mask); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocket_wasm_p.cpp:168:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void QWebSocketPrivate::open(const QNetworkRequest &request, bool mask) data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:263:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[2] = {0}; data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:271:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:365:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:415:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:433:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:546:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:601:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:699:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:733:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:776:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:809:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:838:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:868:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:897:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1381:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1487:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1527:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/dataprocessor/tst_dataprocessor.cpp:1881:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:303:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(url)); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:372:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("ws://127.0.0.1:1/"))); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:441:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:477:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:512:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() + data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:556:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() + data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:590:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("ws://") + echoServer.hostAddress().toString() + data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:624:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(QUrl(QStringLiteral("ws://someserver.on.mars:9999"))); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:650:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(req); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:689:36: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void onOpen(const QUrl &url) { open(url); } data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:798:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:827:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocket/tst_qwebsocket.cpp:855:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:378:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:462:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:511:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket1.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:517:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket2.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:522:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket3.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:578:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(server->serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:598:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(certFile.open(QIODevice::ReadOnly)); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:599:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(keyFile.open(QIODevice::ReadOnly)); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:622:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). plainSocket.open(plainServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:646:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). secureSocket.open(secureServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:671:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). webSocket.open(QStringLiteral("ws://localhost:%1").arg(tcpServer.serverPort())); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:734:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(plainServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:764:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(plainServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:808:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). secureSocket.open(secureServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:830:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(plainServer.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/qwebsocketserver/tst_qwebsocketserver.cpp:852:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). socket.open(server.serverUrl().toString()); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:198:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:329:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:495:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/auto/websockets/websocketframe/tst_websocketframe.cpp:607:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). buffer.open(QIODevice::ReadOnly); data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:59:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). webSocket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:82:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). webSocket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/manual/compliance/tst_compliance.cpp:104:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). webSocket.open(url); data/qtwebsockets-opensource-src-5.15.2/tests/manual/websockets/tst_websockets.cpp:100:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_pWebSocket->open(m_url); data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:264:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (Q_UNLIKELY(pIoDevice->read(header, 2) < 2)) { data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:310:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(length), 2) < 2)) { data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:329:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(length), 8) < 8)) { data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:363:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (Q_UNLIKELY(pIoDevice->read(reinterpret_cast<char *>(&m_mask), sizeof(m_mask)) < 4)) { data/qtwebsockets-opensource-src-5.15.2/src/websockets/qwebsocketframe.cpp:387:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_payload = pIoDevice->read(int(m_length)); ANALYSIS SUMMARY: Hits = 80 Lines analyzed = 16334 in approximately 0.53 seconds (30610 lines/second) Physical Source Lines of Code (SLOC) = 9449 Hits@level = [0] 0 [1] 5 [2] 75 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 80 [1+] 80 [2+] 75 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 8.4665 [1+] 8.4665 [2+] 7.93735 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.