Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_osd_display_widget.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_monitor_window_thread.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_volume_slider.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_volume_slider.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_mini_master_volume_widget.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_slider_tip_label_helper.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_monitor_window_thread.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_volume_widget.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/customstyle.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsingleapplication.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsinglecoreapplication.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile_win.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsingleapplication.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtsinglecoreapplication.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile_unix.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_slider_tip_label_helper.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_mini_master_volume_widget.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/customstyle.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_application_volume_widget.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_application_volume_widget.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_volume_widget.h
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_osd_display_widget.cpp
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-utils.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-stream-status-icon.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-mixer-dialog.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-level-bar.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-applet.h
Examining data/ukui-media-3.0.2/ukui-volume-control/sound-theme-file-utils.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-balance-bar.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-speaker-test.c
Examining data/ukui-media-3.0.2/ukui-volume-control/sound-theme-file-utils.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-level-bar.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-balance-bar.c
Examining data/ukui-media-3.0.2/ukui-volume-control/applet-main.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-combo-box.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-applet.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-speaker-test.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-stream-status-icon.h
Examining data/ukui-media-3.0.2/ukui-volume-control/dialog-main.c
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-combo-box.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-mixer-dialog.h
Examining data/ukui-media-3.0.2/ukui-volume-control/gvc-utils.c
FINAL RESULTS:
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:96:70: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
translator.load("/usr/share/ukui-media/translations/" + QLocale::system().name());
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2452:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ret = system(SOUND_MODE_SCRIPTS);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2621:30: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
char * allpath = strcat(prepath, path);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:2656:19: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
int ret = system(SOUND_MODE_SCRIPTS);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/ukmedia_device_switch_widget.cpp:3133:26: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
char * allpath = strcat(prepath, path);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp:108:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lockFile.open(QIODevice::ReadWrite);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp:123:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool QtLockedFile::open(OpenMode mode)
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.cpp:129:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return QFile::open(mode);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlockedfile.h:76:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:67:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outFile.open(QIODevice::WriteOnly | QIODevice::Append);
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/main.cpp:103:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
qss.open(QFile::ReadOnly);
data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c:836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char percentage_text[10] = {0};
data/ukui-media-3.0.2/ukui-volume-control/gvc-channel-bar.c:837:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(percentage_text, " %d%%", percentage);
data/ukui-media-3.0.2/ukui-volume-control/gvc-sound-theme-chooser.c:518:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *sounds[3] = { "bell-terminal", "bell-window-system", NULL };
data/ukui-media-3.0.2/ukui-volume-control-applet-qt/QtSingleApplication/qtlocalpeer.cpp:167:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
res &= (socket.read(qstrlen(ack)) == ack);
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 17044 in approximately 0.39 seconds (43617 lines/second)
Physical Source Lines of Code (SLOC) = 11851
Hits@level = [0] 1 [1] 1 [2] 9 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 16 [1+] 15 [2+] 14 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 1.3501 [1+] 1.26572 [2+] 1.18133 [3+] 0.421905 [4+] 0.421905 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.