Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cervisia-20.04.2/watchdialog.cpp
Examining data/cervisia-20.04.2/editwithmenu.h
Examining data/cervisia-20.04.2/overview.h
Examining data/cervisia-20.04.2/addremovedialog.cpp
Examining data/cervisia-20.04.2/resolvedialog.cpp
Examining data/cervisia-20.04.2/updateview_visitors.cpp
Examining data/cervisia-20.04.2/loginfo.h
Examining data/cervisia-20.04.2/dirignorelist.h
Examining data/cervisia-20.04.2/logdialog.h
Examining data/cervisia-20.04.2/dirignorelist.cpp
Examining data/cervisia-20.04.2/tagdialog.h
Examining data/cervisia-20.04.2/checkoutdialog.cpp
Examining data/cervisia-20.04.2/progressdialog.cpp
Examining data/cervisia-20.04.2/misc.cpp
Examining data/cervisia-20.04.2/misc.h
Examining data/cervisia-20.04.2/diffdialog.cpp
Examining data/cervisia-20.04.2/watchersdialog.h
Examining data/cervisia-20.04.2/mergedialog.h
Examining data/cervisia-20.04.2/resolvedialog_p.h
Examining data/cervisia-20.04.2/logtree.cpp
Examining data/cervisia-20.04.2/annotateview.cpp
Examining data/cervisia-20.04.2/logmessageedit.cpp
Examining data/cervisia-20.04.2/logplainview.cpp
Examining data/cervisia-20.04.2/stringmatcher.h
Examining data/cervisia-20.04.2/updateview_visitors.h
Examining data/cervisia-20.04.2/logplainview.h
Examining data/cervisia-20.04.2/watchersmodel.h
Examining data/cervisia-20.04.2/changelogdialog.h
Examining data/cervisia-20.04.2/commitdialog.cpp
Examining data/cervisia-20.04.2/entry_status.cpp
Examining data/cervisia-20.04.2/cvsdir.cpp
Examining data/cervisia-20.04.2/updatedialog.cpp
Examining data/cervisia-20.04.2/watchersmodel.cpp
Examining data/cervisia-20.04.2/globalignorelist.h
Examining data/cervisia-20.04.2/tooltip.cpp
Examining data/cervisia-20.04.2/cervisiashell.h
Examining data/cervisia-20.04.2/entry.cpp
Examining data/cervisia-20.04.2/cervisiashell.cpp
Examining data/cervisia-20.04.2/addignoremenu.cpp
Examining data/cervisia-20.04.2/logdialog.cpp
Examining data/cervisia-20.04.2/ignorelistbase.h
Examining data/cervisia-20.04.2/entry_status_change.h
Examining data/cervisia-20.04.2/mergedialog.cpp
Examining data/cervisia-20.04.2/ignorelistbase.cpp
Examining data/cervisia-20.04.2/addignoremenu.h
Examining data/cervisia-20.04.2/commitdialog.h
Examining data/cervisia-20.04.2/debug.h
Examining data/cervisia-20.04.2/addrepositorydialog.cpp
Examining data/cervisia-20.04.2/tooltip.h
Examining data/cervisia-20.04.2/diffview.h
Examining data/cervisia-20.04.2/stringmatcher.cpp
Examining data/cervisia-20.04.2/settingsdialog.cpp
Examining data/cervisia-20.04.2/editwithmenu.cpp
Examining data/cervisia-20.04.2/checkoutdialog.h
Examining data/cervisia-20.04.2/historydialog.h
Examining data/cervisia-20.04.2/resolvedialog_p.cpp
Examining data/cervisia-20.04.2/patchoptiondialog.h
Examining data/cervisia-20.04.2/resolvedialog.h
Examining data/cervisia-20.04.2/protocolview.cpp
Examining data/cervisia-20.04.2/loginfo.cpp
Examining data/cervisia-20.04.2/changelogdialog.cpp
Examining data/cervisia-20.04.2/tagdialog.cpp
Examining data/cervisia-20.04.2/progressdialog.h
Examining data/cervisia-20.04.2/settingsdialog.h
Examining data/cervisia-20.04.2/updateview_items.cpp
Examining data/cervisia-20.04.2/main.cpp
Examining data/cervisia-20.04.2/historydialog.cpp
Examining data/cervisia-20.04.2/repositorydialog.cpp
Examining data/cervisia-20.04.2/updatedialog.h
Examining data/cervisia-20.04.2/loglist.h
Examining data/cervisia-20.04.2/updateview.cpp
Examining data/cervisia-20.04.2/watchdialog.h
Examining data/cervisia-20.04.2/debug.cpp
Examining data/cervisia-20.04.2/addrepositorydialog.h
Examining data/cervisia-20.04.2/annotatedialog.h
Examining data/cervisia-20.04.2/annotatecontroller.cpp
Examining data/cervisia-20.04.2/repositories.cpp
Examining data/cervisia-20.04.2/annotatedialog.cpp
Examining data/cervisia-20.04.2/watchersdialog.cpp
Examining data/cervisia-20.04.2/addremovedialog.h
Examining data/cervisia-20.04.2/entry_status.h
Examining data/cervisia-20.04.2/entry.h
Examining data/cervisia-20.04.2/protocolview.h
Examining data/cervisia-20.04.2/cvsdir.h
Examining data/cervisia-20.04.2/updateview_items.h
Examining data/cervisia-20.04.2/logtree.h
Examining data/cervisia-20.04.2/cervisiapart.cpp
Examining data/cervisia-20.04.2/qttableview.h
Examining data/cervisia-20.04.2/cervisiapart.h
Examining data/cervisia-20.04.2/annotatecontroller.h
Examining data/cervisia-20.04.2/diffdialog.h
Examining data/cervisia-20.04.2/repositorydialog.h
Examining data/cervisia-20.04.2/diffview.cpp
Examining data/cervisia-20.04.2/cvsinitdialog.h
Examining data/cervisia-20.04.2/logmessageedit.h
Examining data/cervisia-20.04.2/cvsservice/cvsservice.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsjob.h
Examining data/cervisia-20.04.2/cvsservice/cvsaskpass.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsserviceutils.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsservice.h
Examining data/cervisia-20.04.2/cvsservice/repository.cpp
Examining data/cervisia-20.04.2/cvsservice/sshagent.h
Examining data/cervisia-20.04.2/cvsservice/cvsserviceutils.h
Examining data/cervisia-20.04.2/cvsservice/repository.h
Examining data/cervisia-20.04.2/cvsservice/main.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsloginjob.h
Examining data/cervisia-20.04.2/cvsservice/sshagent.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsloginjob.cpp
Examining data/cervisia-20.04.2/cvsservice/cvsjob.cpp
Examining data/cervisia-20.04.2/qttableview.cpp
Examining data/cervisia-20.04.2/annotateview.h
Examining data/cervisia-20.04.2/updateview.h
Examining data/cervisia-20.04.2/repositories.h
Examining data/cervisia-20.04.2/patchoptiondialog.cpp
Examining data/cervisia-20.04.2/cvsinitdialog.cpp
Examining data/cervisia-20.04.2/loglist.cpp
Examining data/cervisia-20.04.2/globalignorelist.cpp

FINAL RESULTS:

data/cervisia-20.04.2/addignoremenu.cpp:100:21: [2] (misc) open:
  Check when opening files - can an
  attacker redirect it (via symlinks), force the opening of special file
  type (e.g., device files), move things around to create a race condition,
  control its ancestors, or change its contents? (CWE-362).
    if( !ignoreFile.open(QIODevice::WriteOnly | QIODevice::Append | QIODevice::Text) )
data/cervisia-20.04.2/cervisiapart.cpp:1418:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( !f.open(QIODevice::WriteOnly) )
data/cervisia-20.04.2/changelogdialog.cpp:90:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!f.open(QIODevice::ReadWrite))
data/cervisia-20.04.2/changelogdialog.cpp:120:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!f.open(QIODevice::ReadWrite))
data/cervisia-20.04.2/commitdialog.cpp:300:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( f.open(QIODevice::ReadOnly) )
data/cervisia-20.04.2/cvsservice/repository.cpp:157:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( rootFile.open(QIODevice::ReadOnly) )
data/cervisia-20.04.2/diffdialog.cpp:511:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( !f.open(QIODevice::WriteOnly) )
data/cervisia-20.04.2/diffview.cpp:453:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char lineType(lineTypes[index]);
data/cervisia-20.04.2/globalignorelist.cpp:51:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tmpFile.open();
data/cervisia-20.04.2/ignorelistbase.cpp:41:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( file.open(QIODevice::ReadOnly) )
data/cervisia-20.04.2/logdialog.cpp:528:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( !f.open(QIODevice::WriteOnly) )
data/cervisia-20.04.2/misc.cpp:146:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[512];
data/cervisia-20.04.2/misc.cpp:283:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f.open();
data/cervisia-20.04.2/repositories.cpp:56:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (f.open(QIODevice::ReadOnly))
data/cervisia-20.04.2/repositories.cpp:85:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly))
data/cervisia-20.04.2/resolvedialog.cpp:381:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!f.open(QIODevice::WriteOnly))
data/cervisia-20.04.2/resolvedialog.cpp:404:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( !f.open(QIODevice::ReadOnly) )
data/cervisia-20.04.2/updateview_items.cpp:265:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( f.open(QIODevice::ReadOnly) )
data/cervisia-20.04.2/updateview_items.cpp:407:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void UpdateDirItem::setOpen(bool open)
data/cervisia-20.04.2/updateview_items.cpp:409:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ( open )
data/cervisia-20.04.2/updateview_items.cpp:423:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    setExpanded(open);

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 23203 in approximately 0.53 seconds (43421 lines/second)
Physical Source Lines of Code (SLOC) = 14358
Hits@level = [0] 0 [1] 0 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 21 [1+] 21 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.4626 [1+] 1.4626 [2+] 1.4626 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.