Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tipp10-2.1.0/def/errordefines.h
Examining data/tipp10-2.1.0/def/defines.h
Examining data/tipp10-2.1.0/games/abcrainwidget.h
Examining data/tipp10-2.1.0/games/charball.cpp
Examining data/tipp10-2.1.0/games/charball.h
Examining data/tipp10-2.1.0/games/abcrainwidget.cpp
Examining data/tipp10-2.1.0/sql/chartablesql.h
Examining data/tipp10-2.1.0/sql/keyboardsql.cpp
Examining data/tipp10-2.1.0/sql/keyboardsql.h
Examining data/tipp10-2.1.0/sql/lessontablesql.h
Examining data/tipp10-2.1.0/sql/startsql.h
Examining data/tipp10-2.1.0/sql/trainingsql.cpp
Examining data/tipp10-2.1.0/sql/trainingsql.h
Examining data/tipp10-2.1.0/sql/startsql.cpp
Examining data/tipp10-2.1.0/sql/connection.h
Examining data/tipp10-2.1.0/sql/chartablesql.cpp
Examining data/tipp10-2.1.0/sql/lessontablesql.cpp
Examining data/tipp10-2.1.0/widget/checkversion.cpp
Examining data/tipp10-2.1.0/widget/checkversion.h
Examining data/tipp10-2.1.0/widget/companylogo.cpp
Examining data/tipp10-2.1.0/widget/companylogo.h
Examining data/tipp10-2.1.0/widget/downloaddialog.cpp
Examining data/tipp10-2.1.0/widget/downloaddialog.h
Examining data/tipp10-2.1.0/widget/errormessage.cpp
Examining data/tipp10-2.1.0/widget/errormessage.h
Examining data/tipp10-2.1.0/widget/evaluationwidget.cpp
Examining data/tipp10-2.1.0/widget/evaluationwidget.h
Examining data/tipp10-2.1.0/widget/fingerwidget.cpp
Examining data/tipp10-2.1.0/widget/fingerwidget.h
Examining data/tipp10-2.1.0/widget/helpbrowser.h
Examining data/tipp10-2.1.0/widget/illustrationdialog.cpp
Examining data/tipp10-2.1.0/widget/illustrationdialog.h
Examining data/tipp10-2.1.0/widget/illustrationimage.cpp
Examining data/tipp10-2.1.0/widget/illustrationimage.h
Examining data/tipp10-2.1.0/widget/keyboard.cpp
Examining data/tipp10-2.1.0/widget/keyboard.h
Examining data/tipp10-2.1.0/widget/lessondialog.h
Examining data/tipp10-2.1.0/widget/lessonprintdialog.cpp
Examining data/tipp10-2.1.0/widget/lessonprintdialog.h
Examining data/tipp10-2.1.0/widget/lessonresult.cpp
Examining data/tipp10-2.1.0/widget/lessonresult.h
Examining data/tipp10-2.1.0/widget/numpad.cpp
Examining data/tipp10-2.1.0/widget/numpad.h
Examining data/tipp10-2.1.0/widget/progressionwidget.cpp
Examining data/tipp10-2.1.0/widget/progressionwidget.h
Examining data/tipp10-2.1.0/widget/regexpdialog.cpp
Examining data/tipp10-2.1.0/widget/regexpdialog.h
Examining data/tipp10-2.1.0/widget/settingsdialog.cpp
Examining data/tipp10-2.1.0/widget/settingsdialog.h
Examining data/tipp10-2.1.0/widget/settingsdialogx.cpp
Examining data/tipp10-2.1.0/widget/settingsdialogx.h
Examining data/tipp10-2.1.0/widget/settingspages.h
Examining data/tipp10-2.1.0/widget/startwidget.h
Examining data/tipp10-2.1.0/widget/statusbar.cpp
Examining data/tipp10-2.1.0/widget/statusbar.h
Examining data/tipp10-2.1.0/widget/tickerboard.h
Examining data/tipp10-2.1.0/widget/trainingwidget.cpp
Examining data/tipp10-2.1.0/widget/trainingwidget.h
Examining data/tipp10-2.1.0/widget/txtmessagedialog.cpp
Examining data/tipp10-2.1.0/widget/txtmessagedialog.h
Examining data/tipp10-2.1.0/widget/updatedialog.cpp
Examining data/tipp10-2.1.0/widget/updatedialog.h
Examining data/tipp10-2.1.0/widget/tickerboard.cpp
Examining data/tipp10-2.1.0/widget/lessondialog.cpp
Examining data/tipp10-2.1.0/widget/helpbrowser.cpp
Examining data/tipp10-2.1.0/widget/mainwindow.h
Examining data/tipp10-2.1.0/widget/mainwindow.cpp
Examining data/tipp10-2.1.0/widget/settingspages.cpp
Examining data/tipp10-2.1.0/widget/startwidget.cpp
Examining data/tipp10-2.1.0/main.cpp
FINAL RESULTS:
data/tipp10-2.1.0/main.cpp:63:12: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().name()).toString();
data/tipp10-2.1.0/sql/chartablesql.cpp:71:34: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
errorRatioString.sprintf("%.0f", errorRatio);
data/tipp10-2.1.0/sql/lessontablesql.cpp:111:30: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonRateString.sprintf("%.0f", lessonRate);
data/tipp10-2.1.0/sql/lessontablesql.cpp:118:29: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonCpmString.sprintf("%.0f", lessonCpm);
data/tipp10-2.1.0/sql/lessontablesql.cpp:126:31: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonGradeString.sprintf("%.0f", lessonGrade);
data/tipp10-2.1.0/widget/fingerwidget.cpp:129:24: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
rateTempString.sprintf("%.0f", rateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:231:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonRate.sprintf("%.0f", lessonRateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:234:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonCpm.sprintf("%.0f", lessonCpmTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:239:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonGrade.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:240:27: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonGradeSimple.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:587:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonRate.sprintf("%.0f", lessonRateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:590:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonCpm.sprintf("%.0f", lessonCpmTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:595:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
lessonGrade.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/progressionwidget.cpp:159:25: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
gradeTempString.sprintf("%.0f", gradeTemp);
data/tipp10-2.1.0/widget/progressionwidget.cpp:163:23: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
cpmTempString.sprintf("%.0f", cpmTemp);
data/tipp10-2.1.0/sql/connection.h:121:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/tipp10-2.1.0/sql/connection.h:281:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/tipp10-2.1.0/sql/connection.h:348:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sqlFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/checkversion.cpp:51:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempVersionFile->open()) {
data/tipp10-2.1.0/widget/downloaddialog.cpp:196:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempTxtFile->open()) {
data/tipp10-2.1.0/widget/startwidget.cpp:915:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/startwidget.cpp:1035:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/updatedialog.cpp:153:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempVersionFile->open()) {
data/tipp10-2.1.0/widget/updatedialog.cpp:189:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempSqlFile->open()) {
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 17881 in approximately 0.44 seconds (40852 lines/second)
Physical Source Lines of Code (SLOC) = 10953
Hits@level = [0] 0 [1] 0 [2] 9 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 24 [1+] 24 [2+] 24 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 2.19118 [1+] 2.19118 [2+] 2.19118 [3+] 1.36949 [4+] 1.36949 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.