Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/elisa-player-20.08.2/autotests/managemediaplayercontroltest.h
Examining data/elisa-player-20.08.2/autotests/managemediaplayercontroltest.cpp
Examining data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp
Examining data/elisa-player-20.08.2/autotests/mediaplaylistproxymodeltest.cpp
Examining data/elisa-player-20.08.2/autotests/localfilelistingtest.cpp
Examining data/elisa-player-20.08.2/autotests/databasetestdata.h
Examining data/elisa-player-20.08.2/autotests/albummodeltest.cpp
Examining data/elisa-player-20.08.2/autotests/elisaqmltestplugin.cpp
Examining data/elisa-player-20.08.2/autotests/viewmanagertest.cpp
Examining data/elisa-player-20.08.2/autotests/trackslistenertest.cpp
Examining data/elisa-player-20.08.2/autotests/datamodeltest.cpp
Examining data/elisa-player-20.08.2/autotests/mediaplaylisttest.cpp
Examining data/elisa-player-20.08.2/autotests/viewsmodeltest.cpp
Examining data/elisa-player-20.08.2/autotests/elisaqmltests.cpp
Examining data/elisa-player-20.08.2/autotests/elisaqmltestplugin.h
Examining data/elisa-player-20.08.2/autotests/mediaplaylisttest.h
Examining data/elisa-player-20.08.2/autotests/manageheaderbartest.cpp
Examining data/elisa-player-20.08.2/autotests/filewritertest.cpp
Examining data/elisa-player-20.08.2/autotests/mediaplaylistproxymodeltest.h
Examining data/elisa-player-20.08.2/autotests/manageaudioplayertest.cpp
Examining data/elisa-player-20.08.2/autotests/trackmetadatamodeltest.cpp
Examining data/elisa-player-20.08.2/autotests/manageheaderbartest.h
Examining data/elisa-player-20.08.2/autotests/filescannertest.cpp
Examining data/elisa-player-20.08.2/autotests/manageaudioplayertest.h
Examining data/elisa-player-20.08.2/autotests/elisaapplicationtest.cpp
Examining data/elisa-player-20.08.2/src/managemediaplayercontrol.cpp
Examining data/elisa-player-20.08.2/src/viewmanager.cpp
Examining data/elisa-player-20.08.2/src/elisaimport.cpp
Examining data/elisa-player-20.08.2/src/mediaplaylist.cpp
Examining data/elisa-player-20.08.2/src/elisaarguments.h
Examining data/elisa-player-20.08.2/src/modeldataloader.cpp
Examining data/elisa-player-20.08.2/src/audiowrapper.h
Examining data/elisa-player-20.08.2/src/trackslistener.cpp
Examining data/elisa-player-20.08.2/src/elisautils.h
Examining data/elisa-player-20.08.2/src/musiclistenersmanager.cpp
Examining data/elisa-player-20.08.2/src/viewconfigurationdata.h
Examining data/elisa-player-20.08.2/src/manageheaderbar.h
Examining data/elisa-player-20.08.2/src/file/filelistener.h
Examining data/elisa-player-20.08.2/src/file/filelistener.cpp
Examining data/elisa-player-20.08.2/src/file/localfilelisting.h
Examining data/elisa-player-20.08.2/src/file/localfilelisting.cpp
Examining data/elisa-player-20.08.2/src/elisaapplication.h
Examining data/elisa-player-20.08.2/src/elisautils.cpp
Examining data/elisa-player-20.08.2/src/android/androidmusiclistener.h
Examining data/elisa-player-20.08.2/src/android/androidmusiclistener.cpp
Examining data/elisa-player-20.08.2/src/models/viewsproxymodel.h
Examining data/elisa-player-20.08.2/src/models/filebrowserproxymodel.cpp
Examining data/elisa-player-20.08.2/src/models/trackcontextmetadatamodel.h
Examining data/elisa-player-20.08.2/src/models/viewsproxymodel.cpp
Examining data/elisa-player-20.08.2/src/models/filebrowsermodel.h
Examining data/elisa-player-20.08.2/src/models/viewsmodel.cpp
Examining data/elisa-player-20.08.2/src/models/datamodel.cpp
Examining data/elisa-player-20.08.2/src/models/gridviewproxymodel.cpp
Examining data/elisa-player-20.08.2/src/models/trackmetadatamodel.cpp
Examining data/elisa-player-20.08.2/src/models/editabletrackmetadatamodel.h
Examining data/elisa-player-20.08.2/src/models/viewsmodel.h
Examining data/elisa-player-20.08.2/src/models/trackmetadatamodel.h
Examining data/elisa-player-20.08.2/src/models/filebrowserproxymodel.h
Examining data/elisa-player-20.08.2/src/models/filebrowsermodel.cpp
Examining data/elisa-player-20.08.2/src/models/editabletrackmetadatamodel.cpp
Examining data/elisa-player-20.08.2/src/models/gridviewproxymodel.h
Examining data/elisa-player-20.08.2/src/models/abstractmediaproxymodel.h
Examining data/elisa-player-20.08.2/src/models/trackcontextmetadatamodel.cpp
Examining data/elisa-player-20.08.2/src/models/abstractmediaproxymodel.cpp
Examining data/elisa-player-20.08.2/src/models/datamodel.h
Examining data/elisa-player-20.08.2/src/filewriter.h
Examining data/elisa-player-20.08.2/src/embeddedcoverageimageprovider.cpp
Examining data/elisa-player-20.08.2/src/managemediaplayercontrol.h
Examining data/elisa-player-20.08.2/src/audiowrapper_qtmultimedia.cpp
Examining data/elisa-player-20.08.2/src/databaseinterface.cpp
Examining data/elisa-player-20.08.2/src/modeldataloader.h
Examining data/elisa-player-20.08.2/src/audiowrapper_libvlc.cpp
Examining data/elisa-player-20.08.2/src/localFileConfiguration/elisaconfigurationdialog.cpp
Examining data/elisa-player-20.08.2/src/localFileConfiguration/elisaconfigurationdialog.h
Examining data/elisa-player-20.08.2/src/mediaplaylistproxymodel.h
Examining data/elisa-player-20.08.2/src/databaseinterface.h
Examining data/elisa-player-20.08.2/src/mediaplaylist.h
Examining data/elisa-player-20.08.2/src/viewslistdata.h
Examining data/elisa-player-20.08.2/src/mpris2/mediaplayer2.h
Examining data/elisa-player-20.08.2/src/mpris2/mediaplayer2player.cpp
Examining data/elisa-player-20.08.2/src/mpris2/mpris2.h
Examining data/elisa-player-20.08.2/src/mpris2/mediaplayer2.cpp
Examining data/elisa-player-20.08.2/src/mpris2/mediaplayer2player.h
Examining data/elisa-player-20.08.2/src/mpris2/mpris2.cpp
Examining data/elisa-player-20.08.2/src/datatypes.cpp
Examining data/elisa-player-20.08.2/src/upnp/didlparser.cpp
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolmediaserver.h
Examining data/elisa-player-20.08.2/src/upnp/upnpcontentdirectorymodel.h
Examining data/elisa-player-20.08.2/src/upnp/upnpdiscoverallmusic.cpp
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolconnectionmanager.cpp
Examining data/elisa-player-20.08.2/src/upnp/didlparser.h
Examining data/elisa-player-20.08.2/src/upnp/upnplistener.cpp
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolcontentdirectory.cpp
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolcontentdirectory.h
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolconnectionmanager.h
Examining data/elisa-player-20.08.2/src/upnp/upnpdiscoverallmusic.h
Examining data/elisa-player-20.08.2/src/upnp/upnplistener.h
Examining data/elisa-player-20.08.2/src/upnp/upnpcontrolmediaserver.cpp
Examining data/elisa-player-20.08.2/src/upnp/upnpcontentdirectorymodel.cpp
Examining data/elisa-player-20.08.2/src/viewslistdata.cpp
Examining data/elisa-player-20.08.2/src/datatypes.h
Examining data/elisa-player-20.08.2/src/elisaapplication.cpp
Examining data/elisa-player-20.08.2/src/elisaarguments.cpp
Examining data/elisa-player-20.08.2/src/filewriter.cpp
Examining data/elisa-player-20.08.2/src/viewmanager.h
Examining data/elisa-player-20.08.2/src/main.cpp
Examining data/elisa-player-20.08.2/src/elisaimportapplication.h
Examining data/elisa-player-20.08.2/src/embeddedcoverageimageprovider.h
Examining data/elisa-player-20.08.2/src/baloo/localbaloofilelisting.cpp
Examining data/elisa-player-20.08.2/src/baloo/baloodetector.cpp
Examining data/elisa-player-20.08.2/src/baloo/localbaloofilelisting.h
Examining data/elisa-player-20.08.2/src/baloo/baloolistener.cpp
Examining data/elisa-player-20.08.2/src/baloo/baloolistener.h
Examining data/elisa-player-20.08.2/src/baloo/baloodetector.h
Examining data/elisa-player-20.08.2/src/filescanner.h
Examining data/elisa-player-20.08.2/src/elisaqmlplugin.h
Examining data/elisa-player-20.08.2/src/elisaqmlplugin.cpp
Examining data/elisa-player-20.08.2/src/mediaplaylistproxymodel.cpp
Examining data/elisa-player-20.08.2/src/manageaudioplayer.cpp
Examining data/elisa-player-20.08.2/src/manageaudioplayer.h
Examining data/elisa-player-20.08.2/src/filescanner.cpp
Examining data/elisa-player-20.08.2/src/manageheaderbar.cpp
Examining data/elisa-player-20.08.2/src/elisaimportapplication.cpp
Examining data/elisa-player-20.08.2/src/progressindicator.cpp
Examining data/elisa-player-20.08.2/src/abstractfile/abstractfilelisting.h
Examining data/elisa-player-20.08.2/src/abstractfile/abstractfilelistener.h
Examining data/elisa-player-20.08.2/src/abstractfile/abstractfilelistener.cpp
Examining data/elisa-player-20.08.2/src/abstractfile/abstractfilelisting.cpp
Examining data/elisa-player-20.08.2/src/viewconfigurationdata.cpp
Examining data/elisa-player-20.08.2/src/musiclistenersmanager.h
Examining data/elisa-player-20.08.2/src/powermanagementinterface.cpp
Examining data/elisa-player-20.08.2/src/powermanagementinterface.h
Examining data/elisa-player-20.08.2/src/trackslistener.h
Examining data/elisa-player-20.08.2/src/progressindicator.h
FINAL RESULTS:
data/elisa-player-20.08.2/src/mediaplaylistproxymodel.cpp:314:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
d->mRandomMapping.insert(random, start + i);
data/elisa-player-20.08.2/src/mediaplaylistproxymodel.cpp:321:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
beginInsertRows(parent, random, random);
data/elisa-player-20.08.2/src/mediaplaylistproxymodel.cpp:321:49: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
beginInsertRows(parent, random, random);
data/elisa-player-20.08.2/src/mediaplaylistproxymodel.cpp:322:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
d->mRandomMapping.insert(random, start + i);
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:81:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:177:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:559:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:821:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:944:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:998:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myTempDatabase.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:1050:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myTempDatabase.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:1523:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myDatabaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:1982:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:2098:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:2254:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:2519:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:2710:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:2901:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3227:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3472:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3555:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3654:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3766:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:3907:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:4004:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:4111:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:4857:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:4934:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:5083:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:5174:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/databaseinterfacetest.cpp:5243:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/datamodeltest.cpp:1229:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/datamodeltest.cpp:1290:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/datamodeltest.cpp:1351:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/datamodeltest.cpp:1413:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/mediaplaylistproxymodeltest.cpp:1153:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
playlistFile.open();
data/elisa-player-20.08.2/autotests/mediaplaylisttest.cpp:2309:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/autotests/trackmetadatamodeltest.cpp:72:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
databaseFile.open();
data/elisa-player-20.08.2/src/databaseinterface.cpp:323:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto result = tracksDatabase.open();
data/elisa-player-20.08.2/src/elisaapplication.cpp:304:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
currentConfiguration->read();
data/elisa-player-20.08.2/src/musiclistenersmanager.cpp:323:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
currentConfiguration->read();
ANALYSIS SUMMARY:
Hits = 41
Lines analyzed = 60347 in approximately 1.54 seconds (39203 lines/second)
Physical Source Lines of Code (SLOC) = 47810
Hits@level = [0] 0 [1] 2 [2] 35 [3] 4 [4] 0 [5] 0
Hits@level+ = [0+] 41 [1+] 41 [2+] 39 [3+] 4 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.857561 [1+] 0.857561 [2+] 0.815729 [3+] 0.0836645 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.