Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rclone-browser-1.8.0/src/export_dialog.cpp
Examining data/rclone-browser-1.8.0/src/export_dialog.h
Examining data/rclone-browser-1.8.0/src/icon_cache.cpp
Examining data/rclone-browser-1.8.0/src/icon_cache.h
Examining data/rclone-browser-1.8.0/src/item_model.cpp
Examining data/rclone-browser-1.8.0/src/item_model.h
Examining data/rclone-browser-1.8.0/src/job_options.cpp
Examining data/rclone-browser-1.8.0/src/job_options.h
Examining data/rclone-browser-1.8.0/src/job_widget.cpp
Examining data/rclone-browser-1.8.0/src/job_widget.h
Examining data/rclone-browser-1.8.0/src/list_of_job_options.cpp
Examining data/rclone-browser-1.8.0/src/list_of_job_options.h
Examining data/rclone-browser-1.8.0/src/main.cpp
Examining data/rclone-browser-1.8.0/src/main_window.cpp
Examining data/rclone-browser-1.8.0/src/main_window.h
Examining data/rclone-browser-1.8.0/src/mount_widget.cpp
Examining data/rclone-browser-1.8.0/src/mount_widget.h
Examining data/rclone-browser-1.8.0/src/osx_helper.h
Examining data/rclone-browser-1.8.0/src/pch.cpp
Examining data/rclone-browser-1.8.0/src/pch.h
Examining data/rclone-browser-1.8.0/src/preferences_dialog.cpp
Examining data/rclone-browser-1.8.0/src/preferences_dialog.h
Examining data/rclone-browser-1.8.0/src/progress_dialog.cpp
Examining data/rclone-browser-1.8.0/src/progress_dialog.h
Examining data/rclone-browser-1.8.0/src/remote_widget.cpp
Examining data/rclone-browser-1.8.0/src/remote_widget.h
Examining data/rclone-browser-1.8.0/src/stream_widget.cpp
Examining data/rclone-browser-1.8.0/src/stream_widget.h
Examining data/rclone-browser-1.8.0/src/transfer_dialog.cpp
Examining data/rclone-browser-1.8.0/src/transfer_dialog.h
Examining data/rclone-browser-1.8.0/src/utils.cpp
Examining data/rclone-browser-1.8.0/src/utils.h

FINAL RESULTS:

data/rclone-browser-1.8.0/src/list_of_job_options.cpp:90:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file->open(mode)) {
data/rclone-browser-1.8.0/src/main.cpp:138:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (tempfile.open()) {
data/rclone-browser-1.8.0/src/main_window.cpp:227:64: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    QObject::connect(ui.remotes, &QListWidget::itemActivated, ui.open,
data/rclone-browser-1.8.0/src/main_window.cpp:235:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    QObject::connect(ui.open, &QPushButton::clicked, this, [=]() {
data/rclone-browser-1.8.0/src/main_window.cpp:732:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tmp->open(QIODevice::WriteOnly);
data/rclone-browser-1.8.0/src/remote_widget.cpp:502:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file->open(QFile::WriteOnly)) {

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 5434 in approximately 0.14 seconds (37668 lines/second)
Physical Source Lines of Code (SLOC) = 4333
Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.38472 [1+] 1.38472 [2+] 1.38472 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.