Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/bluez-qt-5.74.0/autotests/qmltests.cpp Examining data/bluez-qt-5.74.0/autotests/gattmanagertest.h Examining data/bluez-qt-5.74.0/autotests/managertest.cpp Examining data/bluez-qt-5.74.0/autotests/jobstest.h Examining data/bluez-qt-5.74.0/autotests/inputtest.h Examining data/bluez-qt-5.74.0/autotests/leadvertisingmanagertest.cpp Examining data/bluez-qt-5.74.0/autotests/mediatransporttest.cpp Examining data/bluez-qt-5.74.0/autotests/autotests.h Examining data/bluez-qt-5.74.0/autotests/adaptertest.h Examining data/bluez-qt-5.74.0/autotests/devicetest.h Examining data/bluez-qt-5.74.0/autotests/batterytest.cpp Examining data/bluez-qt-5.74.0/autotests/inputtest.cpp Examining data/bluez-qt-5.74.0/autotests/jobstest.cpp Examining data/bluez-qt-5.74.0/autotests/mediaplayertest.h Examining data/bluez-qt-5.74.0/autotests/devicetest.cpp Examining data/bluez-qt-5.74.0/autotests/batterytest.h Examining data/bluez-qt-5.74.0/autotests/mediatransporttest.h Examining data/bluez-qt-5.74.0/autotests/autotests.cpp Examining data/bluez-qt-5.74.0/autotests/adaptertest.cpp Examining data/bluez-qt-5.74.0/autotests/agentmanagertest.h Examining data/bluez-qt-5.74.0/autotests/agentmanagertest.cpp Examining data/bluez-qt-5.74.0/autotests/obexmanagertest.cpp Examining data/bluez-qt-5.74.0/autotests/obexmanagertest.h Examining data/bluez-qt-5.74.0/autotests/mediatest.cpp Examining data/bluez-qt-5.74.0/autotests/mediatest.h Examining data/bluez-qt-5.74.0/autotests/mediaplayertest.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediainterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/adapterinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/obexagentmanager.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediaplayerinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/batteryinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediatransportinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/inputinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/fakebluez.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/batteryinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediaplayerinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/deviceinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/agentmanager.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/inputinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/gattmanagerinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/testinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediainterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/object.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/profilemanager.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/leadvertisingmanagerinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/mediatransportinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/obexclient.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/objectmanager.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/leadvertisingmanagerinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/gattmanagerinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/obexclient.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/main.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/agentmanager.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/profilemanager.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/object.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/devicemanager.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/obexagentmanager.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/objectmanager.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/devicemanager.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/adapterinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/testinterface.h Examining data/bluez-qt-5.74.0/autotests/fakebluez/deviceinterface.cpp Examining data/bluez-qt-5.74.0/autotests/fakebluez/fakebluez.cpp Examining data/bluez-qt-5.74.0/autotests/managertest.h Examining data/bluez-qt-5.74.0/autotests/leadvertisingmanagertest.h Examining data/bluez-qt-5.74.0/autotests/gattmanagertest.cpp Examining data/bluez-qt-5.74.0/tests/adaptersreceiver.cpp Examining data/bluez-qt-5.74.0/tests/chatprofile.h Examining data/bluez-qt-5.74.0/tests/mediaendpointconnector.cpp Examining data/bluez-qt-5.74.0/tests/leserver.cpp Examining data/bluez-qt-5.74.0/tests/adaptersreceiver.h Examining data/bluez-qt-5.74.0/tests/mediaendpointconnector.h Examining data/bluez-qt-5.74.0/tests/devicereceiver.h Examining data/bluez-qt-5.74.0/tests/leserver.h Examining data/bluez-qt-5.74.0/tests/devicereceiver.cpp Examining data/bluez-qt-5.74.0/tests/chatprofile.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Interface.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Parameter.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Properties.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Interface.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Property.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/XmlGenerator.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/BluezApiParser.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Methods.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/TypeAnnotation.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Comment.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Parameter.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/CppGenerator.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/main.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Methods.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Method.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/XmlGenerator.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Properties.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Comment.cpp Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/BluezApiParser.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Property.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/CppGenerator.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/TypeAnnotation.h Examining data/bluez-qt-5.74.0/tools/bluezapi2qt/Method.cpp Examining data/bluez-qt-5.74.0/src/mediaplayer.cpp Examining data/bluez-qt-5.74.0/src/pendingcall.h Examining data/bluez-qt-5.74.0/src/obexmanager.cpp Examining data/bluez-qt-5.74.0/src/leadvertisement_p.h Examining data/bluez-qt-5.74.0/src/gattcharacteristic.cpp Examining data/bluez-qt-5.74.0/src/tpendingcall.h Examining data/bluez-qt-5.74.0/src/services.h Examining data/bluez-qt-5.74.0/src/obextransfer.cpp Examining data/bluez-qt-5.74.0/src/gattserviceadaptor.cpp Examining data/bluez-qt-5.74.0/src/obexfiletransfer.h Examining data/bluez-qt-5.74.0/src/obexagent.cpp Examining data/bluez-qt-5.74.0/src/a2dp-codecs.h Examining data/bluez-qt-5.74.0/src/obextransfer_p.h Examining data/bluez-qt-5.74.0/src/initmanagerjob.cpp Examining data/bluez-qt-5.74.0/src/obexsession.h Examining data/bluez-qt-5.74.0/src/adapter_p.h Examining data/bluez-qt-5.74.0/src/media.h Examining data/bluez-qt-5.74.0/src/mediatypes.h Examining data/bluez-qt-5.74.0/src/obexsession.cpp Examining data/bluez-qt-5.74.0/src/mediaendpoint_p.h Examining data/bluez-qt-5.74.0/src/rfkill.cpp Examining data/bluez-qt-5.74.0/src/obexmanager.h Examining data/bluez-qt-5.74.0/src/gattmanager.cpp Examining data/bluez-qt-5.74.0/src/agentadaptor.cpp Examining data/bluez-qt-5.74.0/src/gattserviceadaptor.h Examining data/bluez-qt-5.74.0/src/input.cpp Examining data/bluez-qt-5.74.0/src/battery.h Examining data/bluez-qt-5.74.0/src/request.h Examining data/bluez-qt-5.74.0/src/obextransfer.h Examining data/bluez-qt-5.74.0/src/gattservice_p.cpp Examining data/bluez-qt-5.74.0/src/objectmanageradaptor.h Examining data/bluez-qt-5.74.0/src/obexagentadaptor.h Examining data/bluez-qt-5.74.0/src/agentadaptor.h Examining data/bluez-qt-5.74.0/src/mediaendpoint.h Examining data/bluez-qt-5.74.0/src/mediatransport_p.cpp Examining data/bluez-qt-5.74.0/src/obexmanager_p.cpp Examining data/bluez-qt-5.74.0/src/initmanagerjob.h Examining data/bluez-qt-5.74.0/src/mediaplayer.h Examining data/bluez-qt-5.74.0/src/objectmanageradaptor.cpp Examining data/bluez-qt-5.74.0/src/gattapplication_p.cpp Examining data/bluez-qt-5.74.0/src/utils.h Examining data/bluez-qt-5.74.0/src/gattcharacteristicadaptor.h Examining data/bluez-qt-5.74.0/src/gattservice.h Examining data/bluez-qt-5.74.0/src/job.cpp Examining data/bluez-qt-5.74.0/src/mediaendpointadaptor.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativeadapter.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativeinput.h Examining data/bluez-qt-5.74.0/src/imports/declarativedevicesmodel.h Examining data/bluez-qt-5.74.0/src/imports/declarativebattery.h Examining data/bluez-qt-5.74.0/src/imports/declarativeadapter.h Examining data/bluez-qt-5.74.0/src/imports/declarativedevice.h Examining data/bluez-qt-5.74.0/src/imports/declarativemediaplayer.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativedevicesmodel.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativemanager.h Examining data/bluez-qt-5.74.0/src/imports/bluezqtextensionplugin.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativemediaplayer.h Examining data/bluez-qt-5.74.0/src/imports/declarativemanager.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativedevice.cpp Examining data/bluez-qt-5.74.0/src/imports/bluezqtextensionplugin.h Examining data/bluez-qt-5.74.0/src/imports/declarativebattery.cpp Examining data/bluez-qt-5.74.0/src/imports/declarativeinput.cpp Examining data/bluez-qt-5.74.0/src/gattapplication.h Examining data/bluez-qt-5.74.0/src/battery_p.h Examining data/bluez-qt-5.74.0/src/mediaplayertrack.cpp Examining data/bluez-qt-5.74.0/src/mediaplayer_p.h Examining data/bluez-qt-5.74.0/src/media_p.h Examining data/bluez-qt-5.74.0/src/leadvertisementadaptor.h Examining data/bluez-qt-5.74.0/src/types.h Examining data/bluez-qt-5.74.0/src/leadvertisingmanager_p.h Examining data/bluez-qt-5.74.0/src/input_p.h Examining data/bluez-qt-5.74.0/src/gattapplication_p.h Examining data/bluez-qt-5.74.0/src/gattmanager.h Examining data/bluez-qt-5.74.0/src/gattcharacteristicadaptor.cpp Examining data/bluez-qt-5.74.0/src/device_p.cpp Examining data/bluez-qt-5.74.0/src/gattcharacteristic_p.h Examining data/bluez-qt-5.74.0/src/initobexmanagerjob.h Examining data/bluez-qt-5.74.0/src/gattcharacteristic_p.cpp Examining data/bluez-qt-5.74.0/src/mediaendpoint.cpp Examining data/bluez-qt-5.74.0/src/gattservice_p.h Examining data/bluez-qt-5.74.0/src/obexmanager_p.h Examining data/bluez-qt-5.74.0/src/gattapplication.cpp Examining data/bluez-qt-5.74.0/src/device_p.h Examining data/bluez-qt-5.74.0/src/agent.cpp Examining data/bluez-qt-5.74.0/src/adapter.cpp Examining data/bluez-qt-5.74.0/src/mediatransport.cpp Examining data/bluez-qt-5.74.0/src/bluezqt_dbustypes.h Examining data/bluez-qt-5.74.0/src/profileadaptor.cpp Examining data/bluez-qt-5.74.0/src/mediaendpointadaptor.h Examining data/bluez-qt-5.74.0/src/device.h Examining data/bluez-qt-5.74.0/src/profile_p.h Examining data/bluez-qt-5.74.0/src/pendingcall.cpp Examining data/bluez-qt-5.74.0/src/utils.cpp Examining data/bluez-qt-5.74.0/src/adapter_p.cpp Examining data/bluez-qt-5.74.0/src/gattcharacteristic.h Examining data/bluez-qt-5.74.0/src/devicesmodel.cpp Examining data/bluez-qt-5.74.0/src/obexfiletransferentry.h Examining data/bluez-qt-5.74.0/src/device.cpp Examining data/bluez-qt-5.74.0/src/obexobjectpush.h Examining data/bluez-qt-5.74.0/src/leadvertisingmanager.h Examining data/bluez-qt-5.74.0/src/job_p.h Examining data/bluez-qt-5.74.0/src/rfkill.h Examining data/bluez-qt-5.74.0/src/input.h Examining data/bluez-qt-5.74.0/src/initobexmanagerjob.cpp Examining data/bluez-qt-5.74.0/src/leadvertisement.cpp Examining data/bluez-qt-5.74.0/src/media.cpp Examining data/bluez-qt-5.74.0/src/mediaplayer_p.cpp Examining data/bluez-qt-5.74.0/src/leadvertisementadaptor.cpp Examining data/bluez-qt-5.74.0/src/gattmanager_p.cpp Examining data/bluez-qt-5.74.0/src/leadvertisingmanager.cpp Examining data/bluez-qt-5.74.0/src/battery.cpp Examining data/bluez-qt-5.74.0/src/obexfiletransfer.cpp Examining data/bluez-qt-5.74.0/src/manager_p.h Examining data/bluez-qt-5.74.0/src/obexagentadaptor.cpp Examining data/bluez-qt-5.74.0/src/adapter.h Examining data/bluez-qt-5.74.0/src/leadvertisement.h Examining data/bluez-qt-5.74.0/src/agent.h Examining data/bluez-qt-5.74.0/src/manager.cpp Examining data/bluez-qt-5.74.0/src/obexsession_p.h Examining data/bluez-qt-5.74.0/src/profile.h Examining data/bluez-qt-5.74.0/src/obexagent.h Examining data/bluez-qt-5.74.0/src/macros.h Examining data/bluez-qt-5.74.0/src/manager.h Examining data/bluez-qt-5.74.0/src/mediaendpoint_p.cpp Examining data/bluez-qt-5.74.0/src/mediaplayertrack.h Examining data/bluez-qt-5.74.0/src/a2dp-codecs.c Examining data/bluez-qt-5.74.0/src/manager_p.cpp Examining data/bluez-qt-5.74.0/src/profile.cpp Examining data/bluez-qt-5.74.0/src/obexobjectpush.cpp Examining data/bluez-qt-5.74.0/src/leadvertisement_p.cpp Examining data/bluez-qt-5.74.0/src/obexfiletransferentry.cpp Examining data/bluez-qt-5.74.0/src/mediatransport.h Examining data/bluez-qt-5.74.0/src/gattservice.cpp Examining data/bluez-qt-5.74.0/src/gattmanager_p.h Examining data/bluez-qt-5.74.0/src/profileadaptor.h Examining data/bluez-qt-5.74.0/src/mediatransport_p.h Examining data/bluez-qt-5.74.0/src/job.h Examining data/bluez-qt-5.74.0/src/request.cpp Examining data/bluez-qt-5.74.0/src/devicesmodel.h FINAL RESULTS: data/bluez-qt-5.74.0/src/rfkill.cpp:117:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_readFd = ::open("/dev/rfkill", O_RDONLY | O_CLOEXEC); data/bluez-qt-5.74.0/src/rfkill.cpp:146:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). m_writeFd = ::open("/dev/rfkill", O_WRONLY | O_CLOEXEC); data/bluez-qt-5.74.0/tools/bluezapi2qt/CppGenerator.cpp:39:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) { data/bluez-qt-5.74.0/tools/bluezapi2qt/CppGenerator.cpp:124:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) { data/bluez-qt-5.74.0/tools/bluezapi2qt/XmlGenerator.cpp:33:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) { data/bluez-qt-5.74.0/tools/bluezapi2qt/main.cpp:73:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/bluez-qt-5.74.0/src/rfkill.cpp:183:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (::read(m_readFd, &event, sizeof(event)) == sizeof(event)) { ANALYSIS SUMMARY: Hits = 7 Lines analyzed = 23665 in approximately 0.59 seconds (40239 lines/second) Physical Source Lines of Code (SLOC) = 14802 Hits@level = [0] 0 [1] 1 [2] 6 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 7 [1+] 7 [2+] 6 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.472909 [1+] 0.472909 [2+] 0.405351 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.