Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/httraqt-1.4.9/sources/options/optionsproxy.cpp
Examining data/httraqt-1.4.9/sources/options/optionsbuild.cpp
Examining data/httraqt-1.4.9/sources/options/OptionsDialog.cpp
Examining data/httraqt-1.4.9/sources/options/optionslimits.cpp
Examining data/httraqt-1.4.9/sources/options/BuildStringDialog.cpp
Examining data/httraqt-1.4.9/sources/options/optionsspider.cpp
Examining data/httraqt-1.4.9/sources/options/optionslinks.cpp
Examining data/httraqt-1.4.9/sources/options/optionsrulez.cpp
Examining data/httraqt-1.4.9/sources/options/optionslog.cpp
Examining data/httraqt-1.4.9/sources/options/optionsmime.cpp
Examining data/httraqt-1.4.9/sources/options/includes/optionsproxy.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsrulez.h
Examining data/httraqt-1.4.9/sources/options/includes/OptionsDialog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsbrowser.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslimits.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsmime.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsexperts.h
Examining data/httraqt-1.4.9/sources/options/includes/BuildStringDialog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsspider.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslinks.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsbuild.h
Examining data/httraqt-1.4.9/sources/options/includes/optionslog.h
Examining data/httraqt-1.4.9/sources/options/includes/optionsflow.h
Examining data/httraqt-1.4.9/sources/options/optionsbrowser.cpp
Examining data/httraqt-1.4.9/sources/options/optionsexperts.cpp
Examining data/httraqt-1.4.9/sources/options/optionsflow.cpp
Examining data/httraqt-1.4.9/sources/main/httraqt.cpp
Examining data/httraqt-1.4.9/sources/main/StartTab.cpp
Examining data/httraqt-1.4.9/sources/main/main.cpp
Examining data/httraqt-1.4.9/sources/main/InsertUrlDialog.cpp
Examining data/httraqt-1.4.9/sources/main/ProgressTab.cpp
Examining data/httraqt-1.4.9/sources/main/buttonPanel.cpp
Examining data/httraqt-1.4.9/sources/main/htinterface.cpp
Examining data/httraqt-1.4.9/sources/main/AboutDialog.cpp
Examining data/httraqt-1.4.9/sources/main/translator.cpp
Examining data/httraqt-1.4.9/sources/main/ConfirmTab.cpp
Examining data/httraqt-1.4.9/sources/main/options.cpp
Examining data/httraqt-1.4.9/sources/main/NewProjTab.cpp
Examining data/httraqt-1.4.9/sources/main/includes/AboutDialog.h
Examining data/httraqt-1.4.9/sources/main/includes/htinterface.h
Examining data/httraqt-1.4.9/sources/main/includes/NewProjTab.h
Examining data/httraqt-1.4.9/sources/main/includes/InsertUrlDialog.h
Examining data/httraqt-1.4.9/sources/main/includes/buttonPanel.h
Examining data/httraqt-1.4.9/sources/main/includes/translator.h
Examining data/httraqt-1.4.9/sources/main/includes/StartTab.h
Examining data/httraqt-1.4.9/sources/main/includes/httraqt.h
Examining data/httraqt-1.4.9/sources/main/includes/OptionsTab.h
Examining data/httraqt-1.4.9/sources/main/includes/ConfirmTab.h
Examining data/httraqt-1.4.9/sources/main/includes/FinalTab.h
Examining data/httraqt-1.4.9/sources/main/includes/options.h
Examining data/httraqt-1.4.9/sources/main/includes/ProgressTab.h
Examining data/httraqt-1.4.9/sources/main/FinalTab.cpp
Examining data/httraqt-1.4.9/sources/main/OptionsTab.cpp
Examining data/httraqt-1.4.9/sources/version.h

FINAL RESULTS:

data/httraqt-1.4.9/sources/main/AboutDialog.cpp:59:32:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  QString outStr = QString().sprintf(PROGRAM_FULL_NAME, HTTQTVERSION) + "<br>" + str2 + "<br><br>" + str4;
data/httraqt-1.4.9/sources/main/NewProjTab.cpp:225:24:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sSheet = QString().sprintf("font-size: %dpt", sz);
data/httraqt-1.4.9/sources/main/NewProjTab.cpp:229:28:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sSheet = QString().sprintf("font-size: %dpx", sz);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:210:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lnk.sprintf("%d/%d (+%d)", parent->SInfo.lien_n, parent->SInfo.lien_tot - 1, parent->SInfo.stat_back);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:212:13:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lnk.sprintf("%d/%d", parent->SInfo.lien_n, parent->SInfo.lien_tot - 1);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:278:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  i0->setText(QString().sprintf("%.2f MB", mbytes)); // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:280:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  i0->setText(QString().sprintf("%.4f GB", mbytes / 1024.0)); // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:300:12:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  st.sprintf("%d (%d)", parent->SInfo.irate, parent->SInfo.rate);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:316:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tempo.sprintf("%d (%d%%)", parent->SInfo.stat_updated, pc);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:318:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tempo.sprintf("%d", parent->SInfo.stat_updated);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:342:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf("%4.1f B", (float)sz);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:344:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf("%4.1f kB", (float)(sz / 1024.0));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:346:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf("%4.1f MB", (float)(sz / (1024.0 * 1024.0)));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:348:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  s.sprintf("%4.1f GB", (float)(sz / (1024.0 * 1024.0 * 1024.0)));
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:477:18:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  info.sprintf("[%d s]", parent->SInfo.stat_time);
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:491:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  byteb = QString().sprintf("%.2f MB", parent->SInfo.stat_bytes / (1024.0 * 1024.0)); // bytes
data/httraqt-1.4.9/sources/main/ProgressTab.cpp:493:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  byteb = QString().sprintf("%d B", parent->SInfo.stat_bytes);
data/httraqt-1.4.9/sources/main/StartTab.cpp:55:19:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  v = QString().sprintf("%s v.%s (%s)", PROGRAM_NAME, HTTQTVERSION, PROGRAM_DATE);
data/httraqt-1.4.9/sources/main/htinterface.cpp:273:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(chaine, "%s%s", url_address, url_file);
data/httraqt-1.4.9/sources/main/htinterface.cpp:664:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tempo, p + 2);
data/httraqt-1.4.9/sources/main/htinterface.cpp:665:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, tempo);
data/httraqt-1.4.9/sources/main/htinterface.cpp:672:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(tempo, p + 1);
data/httraqt-1.4.9/sources/main/htinterface.cpp:673:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(p, tempo); /* wipe "" */
data/httraqt-1.4.9/sources/main/httraqt.cpp:431:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  programStyleSheet = QString().sprintf("font-size: %dpt", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:435:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  programStyleSheet = QString().sprintf("font-size: %dpx", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:1376:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale lSys = QLocale::system();
data/httraqt-1.4.9/sources/main/httraqt.cpp:2038:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  programStyleSheet = QString().sprintf("font-size: %dpx", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:2040:39:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  programStyleSheet = QString().sprintf("font-size: %dpt", fontSize);
data/httraqt-1.4.9/sources/main/httraqt.cpp:2135:51:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  streamOutput << QString().sprintf("t%03d=", i) << ll << "\r\n";
data/httraqt-1.4.9/sources/main/options.cpp:191:34:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  fTxt = QString().sprintf("%6.4f", fTmp);
data/httraqt-1.4.9/sources/main/options.cpp:271:38:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  tTxt = QString().sprintf("%6.4f", tFloat / (1024.0 * 1024.0));
data/httraqt-1.4.9/sources/options/optionsbrowser.cpp:114:31:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  << QString().sprintf(PROGRAM_FULL_NAME, HTTQTVERSION) + " (offline browser; web mirror utility)";
data/httraqt-1.4.9/sources/options/optionsmime.cpp:75:37:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  ident[i], -1, QString().sprintf("MIMEDefsExt%d", (i + 1)), COMBOBOX, ""
data/httraqt-1.4.9/sources/options/optionsmime.cpp:78:36:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  mime[i], -1, QString().sprintf("MIMEDefsMime%d", (i + 1)), COMBOBOX, ""
data/httraqt-1.4.9/sources/main/OptionsTab.cpp:232:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!fileName.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/httraqt-1.4.9/sources/main/buttonPanel.cpp:110:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char mask[8] = {0x06, 0x07, 0x07, 0x07, 0x02, 0x06, 0x00};
data/httraqt-1.4.9/sources/main/htinterface.cpp:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char commande[1024] ;
data/httraqt-1.4.9/sources/main/htinterface.cpp:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chaine[1024] ;
data/httraqt-1.4.9/sources/main/htinterface.cpp:530:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempo[256];
data/httraqt-1.4.9/sources/main/httraqt.cpp:351:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QFile::WriteOnly) == true) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:606:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fl.open(QFile::WriteOnly) == true) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:713:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tempo[8192];
data/httraqt-1.4.9/sources/main/httraqt.cpp:1957:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fLang.open(QIODevice::ReadOnly)) { //wird eingelesen
data/httraqt-1.4.9/sources/main/httraqt.cpp:2093:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (fLang.open(QIODevice::ReadOnly)) { //wird eingelesen
data/httraqt-1.4.9/sources/main/httraqt.cpp:2104:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (langTrFile.open(QIODevice::WriteOnly)) {
data/httraqt-1.4.9/sources/main/translator.cpp:550:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!langFile.open(QIODevice::ReadOnly)) {
data/httraqt-1.4.9/sources/options/OptionsDialog.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pages, p, OPTION_SITES * sizeof(QWidget*));
data/httraqt-1.4.9/sources/main/htinterface.cpp:661:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tempo = (char*)malloc(strlen(p) + 2 + 2);
data/httraqt-1.4.9/sources/main/htinterface.cpp:670:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char* tempo = (char*)malloc(strlen(p) + 2);
data/httraqt-1.4.9/sources/main/httraqt.cpp:723:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < (int) strlen(tempo); i++) {
data/httraqt-1.4.9/sources/main/httraqt.cpp:2534:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = 0; i < (int) strlen(chaine); i++) {

ANALYSIS SUMMARY:

Hits = 51
Lines analyzed = 11789 in approximately 0.30 seconds (38695 lines/second)
Physical Source Lines of Code (SLOC) = 7811
Hits@level = [0]   0 [1]   4 [2]  13 [3]   0 [4]  34 [5]   0
Hits@level+ = [0+]  51 [1+]  51 [2+]  47 [3+]  34 [4+]  34 [5+]   0
Hits/KSLOC@level+ = [0+] 6.52925 [1+] 6.52925 [2+] 6.01716 [3+] 4.35284 [4+] 4.35284 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
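Triage note and worked example, added here by the editor; it is not part of the flawfinder report and not httraqt code. Flawfinder matches on function names, as its own header says ("primarily dangerous function names"), so most of the 34 level-4 hits are name collisions: every QString::sprintf call above uses a string literal (or a compile-time macro such as PROGRAM_FULL_NAME) as its format, which is exactly what "Make format string constant" asks for, so CWE-134 does not apply; and the (shell) hit at httraqt.cpp:1376 is QLocale::system(), a static Qt method, not system(3). The hits worth an engineer's time are the CWE-120 group in htinterface.cpp: a fixed `char chaine[1024]` (line 272) filled by `sprintf(chaine, "%s%s", url_address, url_file)` (line 273), where the report gives no evidence that the two inputs are bounded, plus the strcat/strcpy pairs at lines 664-673 writing into a malloc'd buffer sized from strlen(p). The example below reconstructs the line-272/273 pattern in plain C++ (no Qt needed) and sets the hardened form next to it. kBufSize, sprintfWouldOverflow, joinUrlChecked and joinUrlOrEmpty are names chosen for this example, and the inputs are constructed; none of it comes from the httraqt source.

```cpp
// Added triage example for the CWE-120 hits at htinterface.cpp:272-273.
// Illustration only, not httraqt code; kBufSize mirrors the flagged
// `char chaine[1024]`, and the function names are this example's own.
#include <cstdio>
#include <cstring>
#include <string>

constexpr std::size_t kBufSize = 1024;

// The flagged sprintf(chaine, "%s%s", url_address, url_file) silently assumes
// that both strings plus the NUL terminator fit in the array. Stating that
// condition as a predicate lets a reviewer see exactly when the original
// write runs past the end of the buffer.
bool sprintfWouldOverflow(const char* address, const char* file, std::size_t bufSize) {
    return std::strlen(address) + std::strlen(file) + 1 > bufSize;
}

// Hardened form. snprintf writes at most outSize bytes (terminator included)
// and returns the length the complete output would have had, so a return
// value >= outSize means the result was cut. Truncation is treated as failure:
// a silently shortened URL is a wrong request, not merely a shorter one.
bool joinUrlChecked(const char* address, const char* file, char* out, std::size_t outSize) {
    if (outSize == 0) return false;
    int needed = std::snprintf(out, outSize, "%s%s", address, file);
    if (needed < 0) {             // encoding error: leave a safe empty string behind
        out[0] = '\0';
        return false;
    }
    return static_cast<std::size_t>(needed) < outSize;
}

// Keeps the original's fixed 1024-byte buffer but returns an empty string
// instead of an overflowed or truncated URL. In a Qt code base the simplest
// fix is to drop the char array and build a QString / std::string instead.
std::string joinUrlOrEmpty(const char* address, const char* file) {
    char buf[kBufSize];
    if (!joinUrlChecked(address, file, buf, sizeof buf)) return std::string();
    return std::string(buf);
}

int main() {
    const char* base = "http://example.com/";   // constructed input
    std::string longPath(1500, 'a');            // constructed: longer than kBufSize
    std::printf("short: would_overflow=%d -> \"%s\"\n",
                sprintfWouldOverflow(base, "index.html", kBufSize),
                joinUrlOrEmpty(base, "index.html").c_str());
    std::printf("long:  would_overflow=%d -> \"%s\"\n",
                sprintfWouldOverflow(base, longPath.c_str(), kBufSize),
                joinUrlOrEmpty(base, longPath.c_str()).c_str());
    return 0;
}
```

Once a hit has been reviewed and judged harmless, flawfinder honours a `// Flawfinder: ignore` comment on the same source line, which keeps the report focused on the unreviewed hits in later runs; the `-F` (`--falsepositive`) switch drops the bare `char` array declarations but not the QString::sprintf calls, since those are followed by a parenthesis. Separately from the scanner, QString::sprintf is deprecated in Qt 5 and gone in Qt 6, so moving those call sites to QString::asprintf or QString::arg removes the whole CWE-134 group without any security argument at all.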