Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rclone-browser-1.8.0/src/export_dialog.cpp
Examining data/rclone-browser-1.8.0/src/export_dialog.h
Examining data/rclone-browser-1.8.0/src/icon_cache.cpp
Examining data/rclone-browser-1.8.0/src/icon_cache.h
Examining data/rclone-browser-1.8.0/src/item_model.cpp
Examining data/rclone-browser-1.8.0/src/item_model.h
Examining data/rclone-browser-1.8.0/src/job_options.cpp
Examining data/rclone-browser-1.8.0/src/job_options.h
Examining data/rclone-browser-1.8.0/src/job_widget.cpp
Examining data/rclone-browser-1.8.0/src/job_widget.h
Examining data/rclone-browser-1.8.0/src/list_of_job_options.cpp
Examining data/rclone-browser-1.8.0/src/list_of_job_options.h
Examining data/rclone-browser-1.8.0/src/main.cpp
Examining data/rclone-browser-1.8.0/src/main_window.cpp
Examining data/rclone-browser-1.8.0/src/main_window.h
Examining data/rclone-browser-1.8.0/src/mount_widget.cpp
Examining data/rclone-browser-1.8.0/src/mount_widget.h
Examining data/rclone-browser-1.8.0/src/osx_helper.h
Examining data/rclone-browser-1.8.0/src/pch.cpp
Examining data/rclone-browser-1.8.0/src/pch.h
Examining data/rclone-browser-1.8.0/src/preferences_dialog.cpp
Examining data/rclone-browser-1.8.0/src/preferences_dialog.h
Examining data/rclone-browser-1.8.0/src/progress_dialog.cpp
Examining data/rclone-browser-1.8.0/src/progress_dialog.h
Examining data/rclone-browser-1.8.0/src/remote_widget.cpp
Examining data/rclone-browser-1.8.0/src/remote_widget.h
Examining data/rclone-browser-1.8.0/src/stream_widget.cpp
Examining data/rclone-browser-1.8.0/src/stream_widget.h
Examining data/rclone-browser-1.8.0/src/transfer_dialog.cpp
Examining data/rclone-browser-1.8.0/src/transfer_dialog.h
Examining data/rclone-browser-1.8.0/src/utils.cpp
Examining data/rclone-browser-1.8.0/src/utils.h
FINAL RESULTS:
data/rclone-browser-1.8.0/src/list_of_job_options.cpp:90:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(mode)) {
data/rclone-browser-1.8.0/src/main.cpp:138:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tempfile.open()) {
data/rclone-browser-1.8.0/src/main_window.cpp:227:64: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QObject::connect(ui.remotes, &QListWidget::itemActivated, ui.open,
data/rclone-browser-1.8.0/src/main_window.cpp:235:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QObject::connect(ui.open, &QPushButton::clicked, this, [=]() {
data/rclone-browser-1.8.0/src/main_window.cpp:732:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmp->open(QIODevice::WriteOnly);
data/rclone-browser-1.8.0/src/remote_widget.cpp:502:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QFile::WriteOnly)) {
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 5434 in approximately 0.14 seconds (37668 lines/second)
Physical Source Lines of Code (SLOC) = 4333
Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.38472 [1+] 1.38472 [2+] 1.38472 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.