Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/colord-kde-0.5.0/colord-kded/XEventHandler.cpp
Examining data/colord-kde-0.5.0/colord-kded/ColorD.h
Examining data/colord-kde-0.5.0/colord-kded/Edid.h
Examining data/colord-kde-0.5.0/colord-kded/ColorD.cpp
Examining data/colord-kde-0.5.0/colord-kded/ProfileUtils.cpp
Examining data/colord-kde-0.5.0/colord-kded/ProfileUtils.h
Examining data/colord-kde-0.5.0/colord-kded/XEventHandler.h
Examining data/colord-kde-0.5.0/colord-kded/Edid.cpp
Examining data/colord-kde-0.5.0/colord-kded/Output.h
Examining data/colord-kde-0.5.0/colord-kded/DmiUtils.cpp
Examining data/colord-kde-0.5.0/colord-kded/DmiUtils.h
Examining data/colord-kde-0.5.0/colord-kded/ProfilesWatcher.cpp
Examining data/colord-kde-0.5.0/colord-kded/ProfilesWatcher.h
Examining data/colord-kde-0.5.0/colord-kded/Output.cpp
Examining data/colord-kde-0.5.0/dataengine/ColordServiceJob.h
Examining data/colord-kde-0.5.0/dataengine/ColordService.h
Examining data/colord-kde-0.5.0/dataengine/ColordServiceJob.cpp
Examining data/colord-kde-0.5.0/dataengine/ColordEngine.h
Examining data/colord-kde-0.5.0/dataengine/ColordService.cpp
Examining data/colord-kde-0.5.0/dataengine/ColordEngine.cpp
Examining data/colord-kde-0.5.0/colord-kcm/ProfileMetaData.cpp
Examining data/colord-kde-0.5.0/colord-kcm/ProfileNamedColors.cpp
Examining data/colord-kde-0.5.0/colord-kcm/ColordKCM.h
Examining data/colord-kde-0.5.0/colord-kcm/ProfileModel.h
Examining data/colord-kde-0.5.0/colord-kcm/ProfileNamedColors.h
Examining data/colord-kde-0.5.0/colord-kcm/Description.h
Examining data/colord-kde-0.5.0/colord-kcm/NoSelectionRectDelegate.h
Examining data/colord-kde-0.5.0/colord-kcm/DeviceModel.h
Examining data/colord-kde-0.5.0/colord-kcm/Profile.h
Examining data/colord-kde-0.5.0/colord-kcm/ProfileModel.cpp
Examining data/colord-kde-0.5.0/colord-kcm/Description.cpp
Examining data/colord-kde-0.5.0/colord-kcm/DeviceModel.cpp
Examining data/colord-kde-0.5.0/colord-kcm/Profile.cpp
Examining data/colord-kde-0.5.0/colord-kcm/ProfileMetaData.h
Examining data/colord-kde-0.5.0/colord-kcm/NoSelectionRectDelegate.cpp
Examining data/colord-kde-0.5.0/colord-kcm/ColordKCM.cpp
Examining data/colord-kde-0.5.0/icc-importer/main.cpp
Examining data/colord-kde-0.5.0/xlibandxrandr.h
Examining data/colord-kde-0.5.0/dbus-types.h

FINAL RESULTS:

data/colord-kde-0.5.0/colord-kcm/Description.cpp:126:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ui->createdL->setText(QLocale::system().toString(createdDT, QLocale::LongFormat));
data/colord-kde-0.5.0/colord-kcm/Profile.cpp:46:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/colord-kde-0.5.0/colord-kcm/Profile.cpp:449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[cmsMAX_PATH];
data/colord-kde-0.5.0/colord-kcm/Profile.cpp:450:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefix[33];
data/colord-kde-0.5.0/colord-kcm/Profile.cpp:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char suffix[33];
data/colord-kde-0.5.0/colord-kded/ColorD.cpp:296:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/colord-kde-0.5.0/colord-kded/DmiUtils.cpp:35:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/colord-kde-0.5.0/colord-kded/DmiUtils.cpp:58:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/colord-kde-0.5.0/colord-kded/Edid.cpp:198:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (pnpIds.open(QIODevice::ReadOnly)) {
data/colord-kde-0.5.0/colord-kded/Output.cpp:227:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(result, prop, nitems);
data/colord-kde-0.5.0/colord-kded/ProfilesWatcher.cpp:107:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if (!profile.open(QIODevice::ReadOnly)) {

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 5827 in approximately 0.19 seconds (30485 lines/second)
Physical Source Lines of Code (SLOC) = 3867
Hits@level = [0]   0 [1]   0 [2]  10 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  11 [1+]  11 [2+]  11 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 2.84458 [1+] 2.84458 [2+] 2.84458 [3+] 0.258598 [4+] 0.258598 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.