Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp
Examining data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp
Examining data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.h
Examining data/cen64-qt-20200219-alpha/src/roms/romcollection.h
Examining data/cen64-qt-20200219-alpha/src/mainwindow.h
Examining data/cen64-qt-20200219-alpha/src/global.h
Examining data/cen64-qt-20200219-alpha/src/common.cpp
Examining data/cen64-qt-20200219-alpha/src/mainwindow.cpp
Examining data/cen64-qt-20200219-alpha/src/views/tableview.cpp
Examining data/cen64-qt-20200219-alpha/src/views/listview.h
Examining data/cen64-qt-20200219-alpha/src/views/gridview.h
Examining data/cen64-qt-20200219-alpha/src/views/tableview.h
Examining data/cen64-qt-20200219-alpha/src/views/ddview.h
Examining data/cen64-qt-20200219-alpha/src/views/listview.cpp
Examining data/cen64-qt-20200219-alpha/src/views/widgets/clickablewidget.cpp
Examining data/cen64-qt-20200219-alpha/src/views/widgets/treewidgetitem.h
Examining data/cen64-qt-20200219-alpha/src/views/widgets/clickablewidget.h
Examining data/cen64-qt-20200219-alpha/src/views/widgets/treewidgetitem.cpp
Examining data/cen64-qt-20200219-alpha/src/views/ddview.cpp
Examining data/cen64-qt-20200219-alpha/src/views/gridview.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/downloaddialog.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/downloaddialog.h
Examining data/cen64-qt-20200219-alpha/src/dialogs/v64converter.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/settingsdialog.h
Examining data/cen64-qt-20200219-alpha/src/dialogs/logdialog.h
Examining data/cen64-qt-20200219-alpha/src/dialogs/settingsdialog.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/aboutdialog.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/aboutdialog.h
Examining data/cen64-qt-20200219-alpha/src/dialogs/logdialog.cpp
Examining data/cen64-qt-20200219-alpha/src/dialogs/v64converter.h
Examining data/cen64-qt-20200219-alpha/src/main.cpp
Examining data/cen64-qt-20200219-alpha/src/common.h
Examining data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp
Examining data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.h
FINAL RESULTS:
data/cen64-qt-20200219-alpha/src/common.cpp:119:39: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QString systemLanguage = QLocale::system().name().left(2);
data/cen64-qt-20200219-alpha/src/common.cpp:360:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
versionFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/common.cpp:371:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zipFile.open(QuaZip::mdUnzip);
data/cen64-qt-20200219-alpha/src/common.cpp:383:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zippedFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/dialogs/aboutdialog.cpp:54:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
licenseFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/dialogs/v64converter.cpp:64:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
v64.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/dialogs/v64converter.cpp:74:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
z64.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:174:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempRom.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:249:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
romFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:273:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ddFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:307:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
romFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp:120:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
database.open();
data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp:166:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp:223:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
database.open();
data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp:399:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/romcollection.cpp:462:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!database.open())
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:67:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cacheFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:83:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cacheFile.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:124:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:140:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
coverJPG.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:313:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:340:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:359:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cover.open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/roms/thegamesdbscraper.cpp:448:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file->open(QIODevice::WriteOnly);
data/cen64-qt-20200219-alpha/src/dialogs/v64converter.cpp:66:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QString v64Check(v64.read(4).toHex()), message;
data/cen64-qt-20200219-alpha/src/dialogs/v64converter.cpp:81:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data = v64.read(1024);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:250:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray romCheck = romFile.read(4);
data/cen64-qt-20200219-alpha/src/emulation/emulatorhandler.cpp:274:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray romCheck = ddFile.read(4);
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 7035 in approximately 0.24 seconds (29929 lines/second)
Physical Source Lines of Code (SLOC) = 4524
Hits@level = [0] 0 [1] 4 [2] 23 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 28 [1+] 28 [2+] 24 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 6.18921 [1+] 6.18921 [2+] 5.30504 [3+] 0.221043 [4+] 0.221043 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.