Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/apper-1.0.0/AppSetup/SimplePage.h
Examining data/apper-1.0.0/AppSetup/SimplePage.cpp
Examining data/apper-1.0.0/AppSetup/SetupWizard.h
Examining data/apper-1.0.0/AppSetup/main.cpp
Examining data/apper-1.0.0/AppSetup/SetupWizard.cpp
Examining data/apper-1.0.0/apperd/RefreshCacheTask.h
Examining data/apper-1.0.0/apperd/RebootListener.h
Examining data/apper-1.0.0/apperd/apperd.cpp
Examining data/apper-1.0.0/apperd/TransactionWatcher.cpp
Examining data/apper-1.0.0/apperd/TransactionJob.h
Examining data/apper-1.0.0/apperd/apperd.h
Examining data/apper-1.0.0/apperd/Updater.cpp
Examining data/apper-1.0.0/apperd/RefreshCacheTask.cpp
Examining data/apper-1.0.0/apperd/DBusInterface.cpp
Examining data/apper-1.0.0/apperd/DBusInterface.h
Examining data/apper-1.0.0/apperd/ApperdThread.h
Examining data/apper-1.0.0/apperd/RebootListener.cpp
Examining data/apper-1.0.0/apperd/DistroUpgrade.cpp
Examining data/apper-1.0.0/apperd/DistroUpgrade.h
Examining data/apper-1.0.0/apperd/TransactionWatcher.h
Examining data/apper-1.0.0/apperd/TransactionJob.cpp
Examining data/apper-1.0.0/apperd/Updater.h
Examining data/apper-1.0.0/apperd/ApperdThread.cpp
Examining data/apper-1.0.0/Apper/CategoryModel.cpp
Examining data/apper-1.0.0/Apper/TransactionFilterModel.h
Examining data/apper-1.0.0/Apper/ScreenShotViewer.h
Examining data/apper-1.0.0/Apper/MainUi.h
Examining data/apper-1.0.0/Apper/TransactionHistory.h
Examining data/apper-1.0.0/Apper/TransactionModel.cpp
Examining data/apper-1.0.0/Apper/Apper.h
Examining data/apper-1.0.0/Apper/GraphicsOpacityDropShadowEffect.cpp
Examining data/apper-1.0.0/Apper/FiltersMenu.cpp
Examining data/apper-1.0.0/Apper/PackageDetails.h
Examining data/apper-1.0.0/Apper/ClickableLabel.cpp
Examining data/apper-1.0.0/Apper/GraphicsOpacityDropShadowEffect.h
Examining data/apper-1.0.0/Apper/FiltersMenu.h
Examining data/apper-1.0.0/Apper/TransactionHistory.cpp
Examining data/apper-1.0.0/Apper/BackendDetails.cpp
Examining data/apper-1.0.0/Apper/TransactionModel.h
Examining data/apper-1.0.0/Apper/BrowseView.cpp
Examining data/apper-1.0.0/Apper/TransactionFilterModel.cpp
Examining data/apper-1.0.0/Apper/CategoryModel.h
Examining data/apper-1.0.0/Apper/MainUi.cpp
Examining data/apper-1.0.0/Apper/Apper.cpp
Examining data/apper-1.0.0/Apper/Settings/Settings.h
Examining data/apper-1.0.0/Apper/Settings/OriginModel.h
Examining data/apper-1.0.0/Apper/Settings/OriginModel.cpp
Examining data/apper-1.0.0/Apper/Settings/Settings.cpp
Examining data/apper-1.0.0/Apper/main.cpp
Examining data/apper-1.0.0/Apper/ClickableLabel.h
Examining data/apper-1.0.0/Apper/BrowseView.h
Examining data/apper-1.0.0/Apper/BackendDetails.h
Examining data/apper-1.0.0/Apper/ApperKCM.h
Examining data/apper-1.0.0/Apper/ScreenShotViewer.cpp
Examining data/apper-1.0.0/Apper/PackageDetails.cpp
Examining data/apper-1.0.0/Apper/Updater/UpdateDetails.h
Examining data/apper-1.0.0/Apper/Updater/Updater.cpp
Examining data/apper-1.0.0/Apper/Updater/DistroUpgrade.cpp
Examining data/apper-1.0.0/Apper/Updater/DistroUpgrade.h
Examining data/apper-1.0.0/Apper/Updater/CheckableHeader.h
Examining data/apper-1.0.0/Apper/Updater/UpdateDetails.cpp
Examining data/apper-1.0.0/Apper/Updater/Updater.h
Examining data/apper-1.0.0/Apper/Updater/CheckableHeader.cpp
Examining data/apper-1.0.0/Apper/ApperKCM.cpp
Examining data/apper-1.0.0/libapper/PkTransaction.h
Examining data/apper-1.0.0/libapper/CategoryMatcher.cpp
Examining data/apper-1.0.0/libapper/LicenseAgreement.cpp
Examining data/apper-1.0.0/libapper/PackageModel.h
Examining data/apper-1.0.0/libapper/PkIcons.h
Examining data/apper-1.0.0/libapper/TransactionDelegate.h
Examining data/apper-1.0.0/libapper/PkTransaction.cpp
Examining data/apper-1.0.0/libapper/TransactionDelegate.cpp
Examining data/apper-1.0.0/libapper/PkTransactionProgressModel.cpp
Examining data/apper-1.0.0/libapper/PackageImportance.h
Examining data/apper-1.0.0/libapper/CustomProgressBar.cpp
Examining data/apper-1.0.0/libapper/PkIcons.cpp
Examining data/apper-1.0.0/libapper/CustomProgressBar.h
Examining data/apper-1.0.0/libapper/ApplicationLauncher.h
Examining data/apper-1.0.0/libapper/Requirements.cpp
Examining data/apper-1.0.0/libapper/RepoSig.cpp
Examining data/apper-1.0.0/libapper/InfoWidget.h
Examining data/apper-1.0.0/libapper/CategoryDrawer.h
Examining data/apper-1.0.0/libapper/CategoryMatcher.h
Examining data/apper-1.0.0/libapper/PkStrings.h
Examining data/apper-1.0.0/libapper/ChangesDelegate.h
Examining data/apper-1.0.0/libapper/InfoWidget.cpp
Examining data/apper-1.0.0/libapper/PkTransactionProgressModel.h
Examining data/apper-1.0.0/libapper/CategorizedView.cpp
Examining data/apper-1.0.0/libapper/AppStream.h
Examining data/apper-1.0.0/libapper/ChangesDelegate.cpp
Examining data/apper-1.0.0/libapper/PkTransactionWidget.h
Examining data/apper-1.0.0/libapper/AppStream.cpp
Examining data/apper-1.0.0/libapper/RepoSig.h
Examining data/apper-1.0.0/libapper/CategorizedView.h
Examining data/apper-1.0.0/libapper/ApplicationSortFilterModel.h
Examining data/apper-1.0.0/libapper/ApplicationsDelegate.cpp
Examining data/apper-1.0.0/libapper/PackageImportance.cpp
Examining data/apper-1.0.0/libapper/LicenseAgreement.h
Examining data/apper-1.0.0/libapper/PkStrings.cpp
Examining data/apper-1.0.0/libapper/ApplicationLauncher.cpp
Examining data/apper-1.0.0/libapper/Enum.h
Examining data/apper-1.0.0/libapper/PkTransactionWidget.cpp
Examining data/apper-1.0.0/libapper/ApplicationsDelegate.h
Examining data/apper-1.0.0/libapper/ApplicationSortFilterModel.cpp
Examining data/apper-1.0.0/libapper/Requirements.h
Examining data/apper-1.0.0/libapper/CategoryDrawer.cpp
Examining data/apper-1.0.0/libapper/PackageModel.cpp
Examining data/apper-1.0.0/declarative-plugins/qmlplugins.cpp
Examining data/apper-1.0.0/declarative-plugins/daemonhelper.h
Examining data/apper-1.0.0/declarative-plugins/DBusUpdaterInterface.cpp
Examining data/apper-1.0.0/declarative-plugins/daemonhelper.cpp
Examining data/apper-1.0.0/declarative-plugins/DBusUpdaterInterface.h
Examining data/apper-1.0.0/declarative-plugins/qmlplugins.h
Examining data/apper-1.0.0/PkSession/PkSession.cpp
Examining data/apper-1.0.0/PkSession/PkInstallCatalogs.cpp
Examining data/apper-1.0.0/PkSession/PkInstallPlasmaResources.h
Examining data/apper-1.0.0/PkSession/FilesModel.h
Examining data/apper-1.0.0/PkSession/PkInstallGStreamerResources.h
Examining data/apper-1.0.0/PkSession/PkInstallPrinterDrivers.cpp
Examining data/apper-1.0.0/PkSession/PkInstallCatalogs.h
Examining data/apper-1.0.0/PkSession/PkIsInstalled.cpp
Examining data/apper-1.0.0/PkSession/PkInstallMimeTypes.cpp
Examining data/apper-1.0.0/PkSession/ReviewChanges.h
Examining data/apper-1.0.0/PkSession/IntroDialog.h
Examining data/apper-1.0.0/PkSession/IntroDialog.cpp
Examining data/apper-1.0.0/PkSession/PkInstallFontconfigResources.cpp
Examining data/apper-1.0.0/PkSession/PkSearchFile.cpp
Examining data/apper-1.0.0/PkSession/PkInstallPackageNames.h
Examining data/apper-1.0.0/PkSession/SessionTask.h
Examining data/apper-1.0.0/PkSession/PkInstallPackageFiles.cpp
Examining data/apper-1.0.0/PkSession/PkInstallGStreamerResources.cpp
Examining data/apper-1.0.0/PkSession/PkInterface.cpp
Examining data/apper-1.0.0/PkSession/PkInstallPrinterDrivers.h
Examining data/apper-1.0.0/PkSession/AbstractIsRunning.cpp
Examining data/apper-1.0.0/PkSession/PkRemovePackageByFiles.h
Examining data/apper-1.0.0/PkSession/PkInstallFontconfigResources.h
Examining data/apper-1.0.0/PkSession/PkInterface.h
Examining data/apper-1.0.0/PkSession/AbstractIsRunning.h
Examining data/apper-1.0.0/PkSession/PkInstallPackageNames.cpp
Examining data/apper-1.0.0/PkSession/PkInstallPlasmaResources.cpp
Examining data/apper-1.0.0/PkSession/PkSession.h
Examining data/apper-1.0.0/PkSession/PkSearchFile.h
Examining data/apper-1.0.0/PkSession/PkInstallMimeTypes.h
Examining data/apper-1.0.0/PkSession/main.cpp
Examining data/apper-1.0.0/PkSession/PkIsInstalled.h
Examining data/apper-1.0.0/PkSession/PkInstallProvideFiles.cpp
Examining data/apper-1.0.0/PkSession/FilesModel.cpp
Examining data/apper-1.0.0/PkSession/PkInstallPackageFiles.h
Examining data/apper-1.0.0/PkSession/ReviewChanges.cpp
Examining data/apper-1.0.0/PkSession/PkRemovePackageByFiles.cpp
Examining data/apper-1.0.0/PkSession/SessionTask.cpp
Examining data/apper-1.0.0/PkSession/PkInstallProvideFiles.h

FINAL RESULTS:

data/apper-1.0.0/Apper/ApperKCM.cpp:80:68: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Daemon::global()->setHints(QLatin1String("locale=") + QLocale::system().name() + QLatin1String(".UTF-8"));
data/apper-1.0.0/Apper/TransactionModel.cpp:58:29: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  dateI->setText(QLocale::system().toString(trans->timespec().date()));
data/apper-1.0.0/Apper/Updater/UpdateDetails.cpp:207:38: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().toString(issued, QLocale::ShortFormat),
data/apper-1.0.0/Apper/Updater/UpdateDetails.cpp:208:38: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().toString(updated, QLocale::ShortFormat)) +
data/apper-1.0.0/Apper/Updater/UpdateDetails.cpp:213:38: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().toString(issued, QLocale::ShortFormat)) +
data/apper-1.0.0/PkSession/PkSession.cpp:44:68: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Daemon::global()->setHints(QLatin1String("locale=") + QLocale::system().name() + QLatin1String(".UTF-8"));
data/apper-1.0.0/PkSession/SessionTask.cpp:83:68: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Daemon::global()->setHints(QLatin1String("locale=") + QLocale::system().name() + QLatin1String(".UTF-8"));
data/apper-1.0.0/apperd/ApperdThread.cpp:105:68: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Daemon::global()->setHints(QLatin1String("locale=") + QLocale::system().name() + QLatin1String(".UTF-8"));
data/apper-1.0.0/Apper/BrowseView.cpp:290:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly);
data/apper-1.0.0/Apper/CategoryModel.cpp:243:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {
data/apper-1.0.0/Apper/PackageDetails.cpp:309:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile->open();
data/apper-1.0.0/Apper/ScreenShotViewer.cpp:53:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile->open();
data/apper-1.0.0/PkSession/PkInstallCatalogs.cpp:52:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/apper-1.0.0/PkSession/PkInstallCatalogs.cpp:160:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (catalog.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/apper-1.0.0/PkSession/PkInstallFontconfigResources.cpp:83:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QFile::ReadOnly);
data/apper-1.0.0/PkSession/SessionTask.cpp:303:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QFile::ReadOnly)) {
data/apper-1.0.0/PkSession/SessionTask.cpp:304:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/apper-1.0.0/libapper/AppStream.cpp:42:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_instance->open();
data/apper-1.0.0/libapper/AppStream.cpp:61:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool AppStreamHelper::open()
data/apper-1.0.0/libapper/AppStream.h:43:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open();

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 21094 in approximately 0.65 seconds (32614 lines/second)
Physical Source Lines of Code (SLOC) = 14382
Hits@level = [0] 0 [1] 0 [2] 12 [3] 0 [4] 8 [5] 0
Hits@level+ = [0+] 20 [1+] 20 [2+] 20 [3+] 8 [4+] 8 [5+] 0
Hits/KSLOC@level+ = [0+] 1.39063 [1+] 1.39063 [2+] 1.39063 [3+] 0.556251 [4+] 0.556251 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.