Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glogg-1.1.4/src/inotifywatchtowerdriver.h
Examining data/glogg-1.1.4/src/qtfilewatcher.cpp
Examining data/glogg-1.1.4/src/menuactiontooltipbehavior.cpp
Examining data/glogg-1.1.4/src/filewatcher.cpp
Examining data/glogg-1.1.4/src/loadingstatus.h
Examining data/glogg-1.1.4/src/externalcom.h
Examining data/glogg-1.1.4/src/infoline.cpp
Examining data/glogg-1.1.4/src/socketexternalcom.h
Examining data/glogg-1.1.4/src/optionsdialog.h
Examining data/glogg-1.1.4/src/signalmux.cpp
Examining data/glogg-1.1.4/src/quickfindpattern.cpp
Examining data/glogg-1.1.4/src/menuactiontooltipbehavior.h
Examining data/glogg-1.1.4/src/perfcounter.h
Examining data/glogg-1.1.4/src/dbusexternalcom.h
Examining data/glogg-1.1.4/src/winwatchtowerdriver.h
Examining data/glogg-1.1.4/src/recentfiles.h
Examining data/glogg-1.1.4/src/versionchecker.h
Examining data/glogg-1.1.4/src/persistentinfo.h
Examining data/glogg-1.1.4/src/main.cpp
Examining data/glogg-1.1.4/src/quickfindmux.h
Examining data/glogg-1.1.4/src/tabbedcrawlerwidget.h
Examining data/glogg-1.1.4/src/filewatcher.h
Examining data/glogg-1.1.4/src/watchtower.h
Examining data/glogg-1.1.4/src/quickfind.cpp
Examining data/glogg-1.1.4/src/viewtools.h
Examining data/glogg-1.1.4/src/dbuscontrol.h
Examining data/glogg-1.1.4/src/configuration.cpp
Examining data/glogg-1.1.4/src/quickfindpattern.h
Examining data/glogg-1.1.4/src/encodingspeculator.cpp
Examining data/glogg-1.1.4/src/abstractlogview.cpp
Examining data/glogg-1.1.4/src/winfilewatcher.h
Examining data/glogg-1.1.4/src/recentfiles.cpp
Examining data/glogg-1.1.4/src/sessioninfo.h
Examining data/glogg-1.1.4/src/selection.h
Examining data/glogg-1.1.4/src/winwatchtowerdriver.cpp
Examining data/glogg-1.1.4/src/filtersdialog.h
Examining data/glogg-1.1.4/src/quickfind.h
Examining data/glogg-1.1.4/src/filtersdialog.cpp
Examining data/glogg-1.1.4/src/overview.cpp
Examining data/glogg-1.1.4/src/persistentinfo.cpp
Examining data/glogg-1.1.4/src/dbusexternalcom.cpp
Examining data/glogg-1.1.4/src/mainwindow.h
Examining data/glogg-1.1.4/src/socketexternalcom.cpp
Examining data/glogg-1.1.4/src/sessioninfo.cpp
Examining data/glogg-1.1.4/src/configuration.h
Examining data/glogg-1.1.4/src/watchtowerlist.h
Examining data/glogg-1.1.4/src/utils.h
Examining data/glogg-1.1.4/src/inotifywatchtowerdriver.cpp
Examining data/glogg-1.1.4/src/viewtools.cpp
Examining data/glogg-1.1.4/src/overviewwidget.cpp
Examining data/glogg-1.1.4/src/persistable.h
Examining data/glogg-1.1.4/src/marks.h
Examining data/glogg-1.1.4/src/platformfilewatcher.h
Examining data/glogg-1.1.4/src/filteredview.cpp
Examining data/glogg-1.1.4/src/overviewwidget.h
Examining data/glogg-1.1.4/src/log.h
Examining data/glogg-1.1.4/src/quickfindwidget.cpp
Examining data/glogg-1.1.4/src/watchtowerlist.cpp
Examining data/glogg-1.1.4/src/savedsearches.cpp
Examining data/glogg-1.1.4/src/quickfindmux.cpp
Examining data/glogg-1.1.4/src/optionsdialog.cpp
Examining data/glogg-1.1.4/src/quickfindwidget.h
Examining data/glogg-1.1.4/src/config.h
Examining data/glogg-1.1.4/src/logmainview.cpp
Examining data/glogg-1.1.4/src/watchtower.cpp
Examining data/glogg-1.1.4/src/filteredview.h
Examining data/glogg-1.1.4/src/encodingspeculator.h
Examining data/glogg-1.1.4/src/qfnotifications.h
Examining data/glogg-1.1.4/src/mainwindow.cpp
Parsing failed to find end of parameter list; semicolon terminated it in ( fileName.toStdString(), []() { return new CrawlerWidget(); } ) ); assert( crawler_widget ); // We won't show the widget until the file is fully loaded cr
Examining data/glogg-1.1.4/src/crawlerwidget.cpp
Examining data/glogg-1.1.4/src/session.h
Examining data/glogg-1.1.4/src/filterset.cpp
Examining data/glogg-1.1.4/src/marks.cpp
Examining data/glogg-1.1.4/src/viewinterface.h
Examining data/glogg-1.1.4/src/qtfilewatcher.h
Examining data/glogg-1.1.4/src/session.cpp
Examining data/glogg-1.1.4/src/filterset.h
Examining data/glogg-1.1.4/src/versionchecker.cpp
Examining data/glogg-1.1.4/src/savedsearches.h
Examining data/glogg-1.1.4/src/platformfilewatcher.cpp
Examining data/glogg-1.1.4/src/infoline.h
Examining data/glogg-1.1.4/src/tabbedcrawlerwidget.cpp
Examining data/glogg-1.1.4/src/crawlerwidget.h
Examining data/glogg-1.1.4/src/overview.h
Examining data/glogg-1.1.4/src/selection.cpp
Examining data/glogg-1.1.4/src/data/linepositionarray.h
Examining data/glogg-1.1.4/src/data/compressedlinestorage.cpp
Examining data/glogg-1.1.4/src/data/logdataworkerthread.cpp
Examining data/glogg-1.1.4/src/data/abstractlogdata.cpp
Examining data/glogg-1.1.4/src/data/logfiltereddataworkerthread.cpp
Examining data/glogg-1.1.4/src/data/logfiltereddata.cpp
Examining data/glogg-1.1.4/src/data/logdata.h
Examining data/glogg-1.1.4/src/data/logfiltereddata.h
Examining data/glogg-1.1.4/src/data/logfiltereddataworkerthread.h
Examining data/glogg-1.1.4/src/data/compressedlinestorage.h
Examining data/glogg-1.1.4/src/data/logdata.cpp
Examining data/glogg-1.1.4/src/data/logdataworkerthread.h
Examining data/glogg-1.1.4/src/data/threadprivatestore.h
Examining data/glogg-1.1.4/src/data/abstractlogdata.h
Examining data/glogg-1.1.4/src/logmainview.h
Examining data/glogg-1.1.4/src/signalmux.h
Examining data/glogg-1.1.4/src/winfilewatcher.cpp
Examining data/glogg-1.1.4/src/abstractlogview.h
Examining data/glogg-1.1.4/tests/linepositionarrayTest.cpp
Examining data/glogg-1.1.4/tests/testlogdata.h
Examining data/glogg-1.1.4/tests/main.cpp
Examining data/glogg-1.1.4/tests/itests.cpp
Examining data/glogg-1.1.4/tests/filewatcherTest.cpp
Examining data/glogg-1.1.4/tests/test_utils.h
Examining data/glogg-1.1.4/tests/watchtowerTest.cpp
Examining data/glogg-1.1.4/tests/testlogdata.cpp
Examining data/glogg-1.1.4/tests/testlogfiltereddata.cpp
Examining data/glogg-1.1.4/tests/encodingspeculatorTest.cpp
Examining data/glogg-1.1.4/tests/testlogfiltereddata.h
Examining data/glogg-1.1.4/tests/logfiltereddataTest.cpp
Examining data/glogg-1.1.4/tests/logfiltereddataPerfTest.cpp
Examining data/glogg-1.1.4/tests/logdataTest.cpp
Examining data/glogg-1.1.4/tests/logdataPerfTest.cpp

FINAL RESULTS:

data/glogg-1.1.4/src/log.h:176:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    std::sprintf(result, "%s.%03ld", buffer, (long)(GetTickCount() - first) % 1000);
data/glogg-1.1.4/src/log.h:194:10: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    std::sprintf(result, "%s.%03ld", buffer, (long)tv.tv_usec / 1000);
data/glogg-1.1.4/tests/logdataPerfTest.cpp:33:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, vbl_format, i);
data/glogg-1.1.4/tests/logdataTest.cpp:41:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/logdataTest.cpp:62:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/logdataTest.cpp:88:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/logdataTest.cpp:137:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/logfiltereddataPerfTest.cpp:57:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, vbl_format, i);
data/glogg-1.1.4/tests/logfiltereddataTest.cpp:41:17: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/testlogdata.cpp:153:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, vbl_format, i);
data/glogg-1.1.4/tests/testlogdata.cpp:165:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:263:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:297:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:328:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:633:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, ml_format, i);
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:645:13: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(newLine, 89, sl_format, i);
data/glogg-1.1.4/tests/watchtowerTest.cpp:39:16: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    name = tmpnam( nullptr );
data/glogg-1.1.4/tests/watchtowerTest.cpp:65:24: [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
    return string( tmpnam( nullptr ) );
data/glogg-1.1.4/src/crawlerwidget.cpp:1054:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char string[160];
data/glogg-1.1.4/src/data/logdata.cpp:118:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    attached_file_->open( QIODevice::ReadOnly );
data/glogg-1.1.4/src/data/logdata.cpp:206:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    attached_file_->open( QIODevice::ReadOnly );
data/glogg-1.1.4/src/data/logdataworkerthread.cpp:215:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::ReadOnly ) ) {
data/glogg-1.1.4/src/inotifywatchtowerdriver.cpp:135:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[ INOTIFY_BUFFER_SIZE ]
data/glogg-1.1.4/src/log.h:169:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[MAX_LEN];
data/glogg-1.1.4/src/log.h:174:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char result[100] = {0};
data/glogg-1.1.4/src/log.h:186:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer[11];
data/glogg-1.1.4/src/log.h:193:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char result[100] = {0};
data/glogg-1.1.4/src/main.cpp:162:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char file_name[255];
data/glogg-1.1.4/src/main.cpp:164:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* file = fopen(file_name, "w");
data/glogg-1.1.4/src/mainwindow.cpp:246:57: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    connect(openAction, SIGNAL(triggered()), this, SLOT(open()));
data/glogg-1.1.4/src/mainwindow.cpp:430:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void MainWindow::open()
data/glogg-1.1.4/src/mainwindow.cpp:834:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    session_->open( fileName.toStdString(),
data/glogg-1.1.4/src/mainwindow.h:75:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open();
data/glogg-1.1.4/src/session.cpp:63:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ViewInterface* Session::open( const std::string& file_name,
data/glogg-1.1.4/src/session.h:65:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    ViewInterface* open( const std::string& file_name,
data/glogg-1.1.4/src/watchtowerlist.h:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer_[buffer_length_];
data/glogg-1.1.4/src/winwatchtowerdriver.h:125:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buffer_[buffer_length_];
data/glogg-1.1.4/tests/logdataPerfTest.cpp:28:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/logdataPerfTest.cpp:31:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/logdataTest.cpp:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/logdataTest.cpp:39:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/logdataTest.cpp:60:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::Append ) ) {
data/glogg-1.1.4/tests/logdataTest.cpp:85:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::Append ) ) {
data/glogg-1.1.4/tests/logdataTest.cpp:110:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QVERIFY( file.open( QIODevice::WriteOnly ) );
data/glogg-1.1.4/tests/logdataTest.cpp:132:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/logdataTest.cpp:135:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/logfiltereddataPerfTest.cpp:52:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/logfiltereddataPerfTest.cpp:55:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/logfiltereddataTest.cpp:36:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/logfiltereddataTest.cpp:39:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/testlogdata.cpp:148:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/testlogdata.cpp:151:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/testlogdata.cpp:163:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:259:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:261:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::Append ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:294:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::Append ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:325:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::Append ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:628:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char newLine[90];
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:631:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:643:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/testlogfiltereddata.cpp:655:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ( file.open( QIODevice::WriteOnly ) ) {
data/glogg-1.1.4/tests/watchtowerTest.cpp:136:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    int fd = open( file_name.c_str(), O_WRONLY | O_APPEND );
data/glogg-1.1.4/tests/watchtowerTest.cpp:353:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char temp_dir[255];
data/glogg-1.1.4/tests/watchtowerTest.cpp:452:9: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    wchar_t filename[13];
data/glogg-1.1.4/tests/watchtowerTest.cpp:504:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fd_ = open( file_name.c_str(), O_WRONLY | O_APPEND );
data/glogg-1.1.4/src/data/logdata.cpp:360:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QByteArray blob = attached_file_->read( last_byte - first_byte );
data/glogg-1.1.4/src/data/logdata.cpp:400:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QByteArray blob = attached_file_->read( last_byte - first_byte );
data/glogg-1.1.4/src/data/logdataworkerthread.cpp:228:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    const QByteArray block = file.read( sizeChunk );
data/glogg-1.1.4/src/inotifywatchtowerdriver.cpp:138:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    ssize_t nb = read( inotify_fd_, buffer, sizeof( buffer ) );
data/glogg-1.1.4/src/inotifywatchtowerdriver.cpp:159:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read( breaking_pipe_read_fd_, &byte, sizeof byte );
data/glogg-1.1.4/src/versionchecker.cpp:112:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    QString new_version = QString( reply->read( 256 ) ).remove( '\n' );
data/glogg-1.1.4/tests/logdataTest.cpp:79:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + strlen( partial_line_begin ) ) );
data/glogg-1.1.4/tests/logdataTest.cpp:103:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + strlen( partial_line_begin ) + strlen( partial_line_end ) ) );
data/glogg-1.1.4/tests/logdataTest.cpp:103:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    + strlen( partial_line_begin ) + strlen( partial_line_end ) ) );
data/glogg-1.1.4/tests/watchtowerTest.cpp:137:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write( fd, (void*) string, strlen( string ) );
data/glogg-1.1.4/tests/watchtowerTest.cpp:513:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write( fd_, (void*) string, strlen( string ) );

ANALYSIS SUMMARY:

Hits = 76
Lines analyzed = 20557 in approximately 0.49 seconds (42163 lines/second)
Physical Source Lines of Code (SLOC) = 12792
Hits@level = [0] 3 [1] 11 [2] 47 [3] 2 [4] 16 [5] 0
Hits@level+ = [0+] 79 [1+] 76 [2+] 65 [3+] 18 [4+] 16 [5+] 0
Hits/KSLOC@level+ = [0+] 6.17573 [1+] 5.94121 [2+] 5.0813 [3+] 1.40713 [4+] 1.25078 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.