Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/avogadro-1.93.0/avogadro/aboutdialog.cpp
Examining data/avogadro-1.93.0/avogadro/aboutdialog.h
Examining data/avogadro-1.93.0/avogadro/application.cpp
Examining data/avogadro-1.93.0/avogadro/application.h
Examining data/avogadro-1.93.0/avogadro/avogadro.cpp
Examining data/avogadro-1.93.0/avogadro/backgroundfileformat.cpp
Examining data/avogadro-1.93.0/avogadro/backgroundfileformat.h
Examining data/avogadro-1.93.0/avogadro/mainwindow.h
Examining data/avogadro-1.93.0/avogadro/menubuilder.cpp
Examining data/avogadro-1.93.0/avogadro/menubuilder.h
Examining data/avogadro-1.93.0/avogadro/rpclistener.cpp
Examining data/avogadro-1.93.0/avogadro/rpclistener.h
Examining data/avogadro-1.93.0/avogadro/viewfactory.cpp
Examining data/avogadro-1.93.0/avogadro/viewfactory.h
Examining data/avogadro-1.93.0/avogadro/mainwindow.cpp
FINAL RESULTS:
data/avogadro-1.93.0/avogadro/avogadro.cpp:75:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
qDebug() << "Locale: " << QLocale::system().name();
data/avogadro-1.93.0/avogadro/avogadro.cpp:80:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system(), "qt", "_",
data/avogadro-1.93.0/avogadro/avogadro.cpp:92:18: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system(), "qtbase", "_",
data/avogadro-1.93.0/avogadro/avogadro.cpp:103:38: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (qtTranslator.load(QLocale::system(), "qt", "_", translationPath)) {
data/avogadro-1.93.0/avogadro/avogadro.cpp:107:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (qtBaseTranslator.load(QLocale::system(), "qtbase", "_",
data/avogadro-1.93.0/avogadro/avogadro.cpp:113:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (avoTranslator.load(QLocale::system(), "avogadrolibs", "_",
data/avogadro-1.93.0/avogadro/mainwindow.cpp:161:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!xml.open(QIODevice::ReadOnly)) {
data/avogadro-1.93.0/avogadro/backgroundfileformat.cpp:34:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void BackgroundFileFormat::read()
data/avogadro-1.93.0/avogadro/backgroundfileformat.h:90:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read();
data/avogadro-1.93.0/avogadro/mainwindow.cpp:630:89: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
connect(m_fileReadThread, &QThread::started, m_threadedReader, &BackgroundFileFormat::read);
ANALYSIS SUMMARY:
Hits = 10
Lines analyzed = 3554 in approximately 0.13 seconds (27853 lines/second)
Physical Source Lines of Code (SLOC) = 2426
Hits@level = [0] 0 [1] 3 [2] 1 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 10 [1+] 10 [2+] 7 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 4.12201 [1+] 4.12201 [2+] 2.88541 [3+] 2.47321 [4+] 2.47321 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.