Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/syndication-5.74.0/autotests/testlibsyndication.cpp
Examining data/syndication-5.74.0/autotests/syndicationtest.h
Examining data/syndication-5.74.0/autotests/loaderutiltest.cpp
Examining data/syndication-5.74.0/autotests/testpersonimpl.cpp
Examining data/syndication-5.74.0/autotests/benchmark.cpp
Examining data/syndication-5.74.0/autotests/syndicationtest.cpp
Examining data/syndication-5.74.0/autotests/testpersonimpl.h
Examining data/syndication-5.74.0/autotests/loaderutiltest.h
Examining data/syndication-5.74.0/tests/testloader.cpp
Examining data/syndication-5.74.0/tests/testloader.h
Examining data/syndication-5.74.0/src/documentvisitor.cpp
Examining data/syndication-5.74.0/src/mapper.h
Examining data/syndication-5.74.0/src/abstractparser.cpp
Examining data/syndication-5.74.0/src/documentvisitor.h
Examining data/syndication-5.74.0/src/item.cpp
Examining data/syndication-5.74.0/src/image.cpp
Examining data/syndication-5.74.0/src/documentsource.h
Examining data/syndication-5.74.0/src/elementwrapper.cpp
Examining data/syndication-5.74.0/src/syndication_private_export.h
Examining data/syndication-5.74.0/src/dataretriever.cpp
Examining data/syndication-5.74.0/src/loader.h
Examining data/syndication-5.74.0/src/loaderutil_p.h
Examining data/syndication-5.74.0/src/personimpl.h
Examining data/syndication-5.74.0/src/loader.cpp
Examining data/syndication-5.74.0/src/feed.cpp
Examining data/syndication-5.74.0/src/personimpl.cpp
Examining data/syndication-5.74.0/src/constants.cpp
Examining data/syndication-5.74.0/src/specificitemvisitor.h
Examining data/syndication-5.74.0/src/tools.h
Examining data/syndication-5.74.0/src/category.cpp
Examining data/syndication-5.74.0/src/specificdocument.h
Examining data/syndication-5.74.0/src/syndication.h
Examining data/syndication-5.74.0/src/tools.cpp
Examining data/syndication-5.74.0/src/person.h
Examining data/syndication-5.74.0/src/documentsource.cpp
Examining data/syndication-5.74.0/src/elementwrapper.h
Examining data/syndication-5.74.0/src/specificitem.h
Examining data/syndication-5.74.0/src/parsercollectionimpl.h
Examining data/syndication-5.74.0/src/dataretriever.h
Examining data/syndication-5.74.0/src/loaderutil.cpp
Examining data/syndication-5.74.0/src/feed.h
Examining data/syndication-5.74.0/src/rdf/textinput.h
Examining data/syndication-5.74.0/src/rdf/rdf.h
Examining data/syndication-5.74.0/src/rdf/item.cpp
Examining data/syndication-5.74.0/src/rdf/image.cpp
Examining data/syndication-5.74.0/src/rdf/document.cpp
Examining data/syndication-5.74.0/src/rdf/literal.cpp
Examining data/syndication-5.74.0/src/rdf/rdfvocab.cpp
Examining data/syndication-5.74.0/src/rdf/literal.h
Examining data/syndication-5.74.0/src/rdf/node.cpp
Examining data/syndication-5.74.0/src/rdf/syndicationvocab.cpp
Examining data/syndication-5.74.0/src/rdf/contentvocab.h
Examining data/syndication-5.74.0/src/rdf/model.cpp
Examining data/syndication-5.74.0/src/rdf/syndicationvocab.h
Examining data/syndication-5.74.0/src/rdf/textinput.cpp
Examining data/syndication-5.74.0/src/rdf/model.h
Examining data/syndication-5.74.0/src/rdf/dublincore.h
Examining data/syndication-5.74.0/src/rdf/rssvocab.cpp
Examining data/syndication-5.74.0/src/rdf/nodevisitor.h
Examining data/syndication-5.74.0/src/rdf/document.h
Examining data/syndication-5.74.0/src/rdf/nodevisitor.cpp
Examining data/syndication-5.74.0/src/rdf/parser.h
Examining data/syndication-5.74.0/src/rdf/property.cpp
Examining data/syndication-5.74.0/src/rdf/contentvocab.cpp
Examining data/syndication-5.74.0/src/rdf/dublincorevocab.h
Examining data/syndication-5.74.0/src/rdf/dublincore.cpp
Examining data/syndication-5.74.0/src/rdf/rssvocab.h
Examining data/syndication-5.74.0/src/rdf/syndicationinfo.cpp
Examining data/syndication-5.74.0/src/rdf/rdfvocab.h
Examining data/syndication-5.74.0/src/rdf/statement.h
Examining data/syndication-5.74.0/src/rdf/resource.cpp
Examining data/syndication-5.74.0/src/rdf/dublincorevocab.cpp
Examining data/syndication-5.74.0/src/rdf/resourcewrapper.h
Examining data/syndication-5.74.0/src/rdf/statement.cpp
Examining data/syndication-5.74.0/src/rdf/resource.h
Examining data/syndication-5.74.0/src/rdf/model_p.h
Examining data/syndication-5.74.0/src/rdf/property.h
Examining data/syndication-5.74.0/src/rdf/resourcewrapper.cpp
Examining data/syndication-5.74.0/src/rdf/sequence.h
Examining data/syndication-5.74.0/src/rdf/syndicationinfo.h
Examining data/syndication-5.74.0/src/rdf/image.h
Examining data/syndication-5.74.0/src/rdf/item.h
Examining data/syndication-5.74.0/src/rdf/modelmaker.h
Examining data/syndication-5.74.0/src/rdf/node.h
Examining data/syndication-5.74.0/src/rdf/parser.cpp
Examining data/syndication-5.74.0/src/rdf/modelmaker.cpp
Examining data/syndication-5.74.0/src/rdf/sequence.cpp
Examining data/syndication-5.74.0/src/specificitemvisitor.cpp
Examining data/syndication-5.74.0/src/atom/source.cpp
Examining data/syndication-5.74.0/src/atom/document.cpp
Examining data/syndication-5.74.0/src/atom/link.h
Examining data/syndication-5.74.0/src/atom/link.cpp
Examining data/syndication-5.74.0/src/atom/constants.cpp
Examining data/syndication-5.74.0/src/atom/entry.cpp
Examining data/syndication-5.74.0/src/atom/category.cpp
Examining data/syndication-5.74.0/src/atom/person.h
Examining data/syndication-5.74.0/src/atom/content.cpp
Examining data/syndication-5.74.0/src/atom/source.h
Examining data/syndication-5.74.0/src/atom/document.h
Examining data/syndication-5.74.0/src/atom/parser.h
Examining data/syndication-5.74.0/src/atom/atom.h
Examining data/syndication-5.74.0/src/atom/atomtools.cpp
Examining data/syndication-5.74.0/src/atom/generator.cpp
Examining data/syndication-5.74.0/src/atom/atomtools.h
Examining data/syndication-5.74.0/src/atom/entry.h
Examining data/syndication-5.74.0/src/atom/person.cpp
Examining data/syndication-5.74.0/src/atom/content.h
Examining data/syndication-5.74.0/src/atom/category.h
Examining data/syndication-5.74.0/src/atom/constants.h
Examining data/syndication-5.74.0/src/atom/generator.h
Examining data/syndication-5.74.0/src/atom/parser.cpp
Examining data/syndication-5.74.0/src/specificdocument.cpp
Examining data/syndication-5.74.0/src/global.h
Examining data/syndication-5.74.0/src/global.cpp
Examining data/syndication-5.74.0/src/parsercollection.h
Examining data/syndication-5.74.0/src/rss2/textinput.h
Examining data/syndication-5.74.0/src/rss2/tools_p.h
Examining data/syndication-5.74.0/src/rss2/source.cpp
Examining data/syndication-5.74.0/src/rss2/item.cpp
Examining data/syndication-5.74.0/src/rss2/image.cpp
Examining data/syndication-5.74.0/src/rss2/document.cpp
Examining data/syndication-5.74.0/src/rss2/category.cpp
Examining data/syndication-5.74.0/src/rss2/textinput.cpp
Examining data/syndication-5.74.0/src/rss2/rss2.h
Examining data/syndication-5.74.0/src/rss2/source.h
Examining data/syndication-5.74.0/src/rss2/document.h
Examining data/syndication-5.74.0/src/rss2/parser.h
Examining data/syndication-5.74.0/src/rss2/cloud.cpp
Examining data/syndication-5.74.0/src/rss2/tools_p.cpp
Examining data/syndication-5.74.0/src/rss2/enclosure.h
Examining data/syndication-5.74.0/src/rss2/cloud.h
Examining data/syndication-5.74.0/src/rss2/image.h
Examining data/syndication-5.74.0/src/rss2/category.h
Examining data/syndication-5.74.0/src/rss2/enclosure.cpp
Examining data/syndication-5.74.0/src/rss2/item.h
Examining data/syndication-5.74.0/src/rss2/parser.cpp
Examining data/syndication-5.74.0/src/enclosure.h
Examining data/syndication-5.74.0/src/person.cpp
Examining data/syndication-5.74.0/src/abstractparser.h
Examining data/syndication-5.74.0/src/image.h
Examining data/syndication-5.74.0/src/category.h
Examining data/syndication-5.74.0/src/enclosure.cpp
Examining data/syndication-5.74.0/src/constants.h
Examining data/syndication-5.74.0/src/specificitem.cpp
Examining data/syndication-5.74.0/src/item.h
Examining data/syndication-5.74.0/src/mapper/enclosureatomimpl.h
Examining data/syndication-5.74.0/src/mapper/feedatomimpl.cpp
Examining data/syndication-5.74.0/src/mapper/mapperrdfimpl.h
Examining data/syndication-5.74.0/src/mapper/feedrdfimpl.cpp
Examining data/syndication-5.74.0/src/mapper/itemrss2impl.h
Examining data/syndication-5.74.0/src/mapper/mapperrss2impl.h
Examining data/syndication-5.74.0/src/mapper/itematomimpl.cpp
Examining data/syndication-5.74.0/src/mapper/feedatomimpl.h
Examining data/syndication-5.74.0/src/mapper/itemrdfimpl.h
Examining data/syndication-5.74.0/src/mapper/enclosurerss2impl.cpp
Examining data/syndication-5.74.0/src/mapper/categoryrss2impl.h
Examining data/syndication-5.74.0/src/mapper/enclosureatomimpl.cpp
Examining data/syndication-5.74.0/src/mapper/mapperatomimpl.h
Examining data/syndication-5.74.0/src/mapper/imagerss2impl.cpp
Examining data/syndication-5.74.0/src/mapper/categoryatomimpl.h
Examining data/syndication-5.74.0/src/mapper/imagerdfimpl.h
Examining data/syndication-5.74.0/src/mapper/imagerss2impl.h
Examining data/syndication-5.74.0/src/mapper/enclosurerss2impl.h
Examining data/syndication-5.74.0/src/mapper/feedrss2impl.cpp
Examining data/syndication-5.74.0/src/mapper/categoryrss2impl.cpp
Examining data/syndication-5.74.0/src/mapper/feedrdfimpl.h
Examining data/syndication-5.74.0/src/mapper/itematomimpl.h
Examining data/syndication-5.74.0/src/mapper/categoryatomimpl.cpp
Examining data/syndication-5.74.0/src/mapper/imagerdfimpl.cpp
Examining data/syndication-5.74.0/src/mapper/itemrdfimpl.cpp
Examining data/syndication-5.74.0/src/mapper/itemrss2impl.cpp
Examining data/syndication-5.74.0/src/mapper/imageatomimpl.h
Examining data/syndication-5.74.0/src/mapper/feedrss2impl.h
FINAL RESULTS:
data/syndication-5.74.0/autotests/benchmark.cpp:48:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(QIODevice::ReadOnly);
data/syndication-5.74.0/autotests/benchmark.cpp:63:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/syndication-5.74.0/autotests/loaderutiltest.cpp:35:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QIODevice::ReadOnly|QIODevice::Text));
data/syndication-5.74.0/autotests/syndicationtest.cpp:63:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QIODevice::ReadOnly|QIODevice::Text));
data/syndication-5.74.0/autotests/syndicationtest.cpp:74:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(expFile.open(QIODevice::ReadOnly|QIODevice::Text));
data/syndication-5.74.0/autotests/syndicationtest.cpp:86:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/syndication-5.74.0/autotests/testlibsyndication.cpp:72:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly|QIODevice::Text)) {
data/syndication-5.74.0/autotests/testlibsyndication.cpp:90:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerFile.open(QIODevice::WriteOnly | QIODevice::Text);
data/syndication-5.74.0/autotests/testlibsyndication.cpp:100:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
expFile.open(QIODevice::ReadOnly|QIODevice::Text);
data/syndication-5.74.0/src/loaderutil.cpp:22:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerFile.open(QIODevice::WriteOnly | QIODevice::Text);
ANALYSIS SUMMARY:
Hits = 10
Lines analyzed = 18588 in approximately 0.44 seconds (42415 lines/second)
Physical Source Lines of Code (SLOC) = 9754
Hits@level = [0] 0 [1] 0 [2] 10 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 10 [1+] 10 [2+] 10 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.02522 [1+] 1.02522 [2+] 1.02522 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.