Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/eqonomize-1.5.0/src/account.cpp
Examining data/eqonomize-1.5.0/src/account.h
Examining data/eqonomize-1.5.0/src/accountcombobox.cpp
Examining data/eqonomize-1.5.0/src/accountcombobox.h
Examining data/eqonomize-1.5.0/src/budget.cpp
Examining data/eqonomize-1.5.0/src/categoriescomparisonchart.cpp
Examining data/eqonomize-1.5.0/src/categoriescomparisonchart.h
Examining data/eqonomize-1.5.0/src/categoriescomparisonreport.cpp
Examining data/eqonomize-1.5.0/src/categoriescomparisonreport.h
Examining data/eqonomize-1.5.0/src/currencies.xml.h
Examining data/eqonomize-1.5.0/src/currency.cpp
Examining data/eqonomize-1.5.0/src/currency.h
Examining data/eqonomize-1.5.0/src/currencyconversiondialog.cpp
Examining data/eqonomize-1.5.0/src/currencyconversiondialog.h
Examining data/eqonomize-1.5.0/src/editaccountdialogs.cpp
Examining data/eqonomize-1.5.0/src/editaccountdialogs.h
Examining data/eqonomize-1.5.0/src/editcurrencydialog.cpp
Examining data/eqonomize-1.5.0/src/editcurrencydialog.h
Examining data/eqonomize-1.5.0/src/editscheduledtransactiondialog.cpp
Examining data/eqonomize-1.5.0/src/editscheduledtransactiondialog.h
Examining data/eqonomize-1.5.0/src/editsplitdialog.cpp
Examining data/eqonomize-1.5.0/src/editsplitdialog.h
Examining data/eqonomize-1.5.0/src/eqonomize.cpp
Examining data/eqonomize-1.5.0/src/eqonomize.h
Examining data/eqonomize-1.5.0/src/eqonomizelist.h
Examining data/eqonomize-1.5.0/src/eqonomizemonthselector.cpp
Examining data/eqonomize-1.5.0/src/eqonomizemonthselector.h
Examining data/eqonomize-1.5.0/src/eqonomizevalueedit.cpp
Examining data/eqonomize-1.5.0/src/eqonomizevalueedit.h
Examining data/eqonomize-1.5.0/src/importcsvdialog.cpp
Examining data/eqonomize-1.5.0/src/importcsvdialog.h
Examining data/eqonomize-1.5.0/src/ledgerdialog.cpp
Examining data/eqonomize-1.5.0/src/ledgerdialog.h
Examining data/eqonomize-1.5.0/src/main.cpp
Examining data/eqonomize-1.5.0/src/overtimechart.cpp
Examining data/eqonomize-1.5.0/src/overtimechart.h
Examining data/eqonomize-1.5.0/src/overtimereport.cpp
Examining data/eqonomize-1.5.0/src/overtimereport.h
Examining data/eqonomize-1.5.0/src/qifimportexport.cpp
Examining data/eqonomize-1.5.0/src/qifimportexport.h
Examining data/eqonomize-1.5.0/src/recurrence.cpp
Examining data/eqonomize-1.5.0/src/recurrence.h
Examining data/eqonomize-1.5.0/src/recurrenceeditwidget.cpp
Examining data/eqonomize-1.5.0/src/recurrenceeditwidget.h
Examining data/eqonomize-1.5.0/src/security.cpp
Examining data/eqonomize-1.5.0/src/security.h
Examining data/eqonomize-1.5.0/src/transaction.cpp
Examining data/eqonomize-1.5.0/src/transaction.h
Examining data/eqonomize-1.5.0/src/transactioneditwidget.cpp
Examining data/eqonomize-1.5.0/src/transactioneditwidget.h
Examining data/eqonomize-1.5.0/src/transactionfilterwidget.cpp
Examining data/eqonomize-1.5.0/src/transactionfilterwidget.h
Examining data/eqonomize-1.5.0/src/transactionlistwidget.cpp
Examining data/eqonomize-1.5.0/src/transactionlistwidget.h
Examining data/eqonomize-1.5.0/src/budget.h
FINAL RESULTS:
data/eqonomize-1.5.0/src/budget.cpp:443:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/eqonomize-1.5.0/src/budget.cpp:704:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/budget.cpp:744:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/eqonomize-1.5.0/src/budget.cpp:1462:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/eqonomize-1.5.0/src/budget.cpp:1493:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/eqonomize-1.5.0/src/budget.cpp:1530:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open();
data/eqonomize-1.5.0/src/budget.cpp:1646:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/eqonomize-1.5.0/src/budget.cpp:2322:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/categoriescomparisonchart.cpp:460:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/categoriescomparisonreport.cpp:592:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/eqonomize.cpp:1220:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly) ) {
data/eqonomize-1.5.0/src/eqonomize.cpp:1541:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/eqonomize.cpp:6107:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open();
data/eqonomize-1.5.0/src/eqonomize.cpp:7395:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/importcsvdialog.cpp:1268:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly) ) {
data/eqonomize-1.5.0/src/ledgerdialog.cpp:879:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/overtimechart.cpp:1027:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/overtimereport.cpp:869:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
data/eqonomize-1.5.0/src/qifimportexport.cpp:266:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly) ) {
data/eqonomize-1.5.0/src/qifimportexport.cpp:411:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly) ) {
data/eqonomize-1.5.0/src/qifimportexport.cpp:563:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ofile.open(QIODevice::WriteOnly);
ANALYSIS SUMMARY:
Hits = 21
Lines analyzed = 53352 in approximately 1.82 seconds (29317 lines/second)
Physical Source Lines of Code (SLOC) = 49159
Hits@level = [0] 0 [1] 0 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 21 [1+] 21 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.427185 [1+] 0.427185 [2+] 0.427185 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.