Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/juk-20.04.3/tageditor.cpp
Examining data/juk-20.04.3/tagrenameroptions.h
Examining data/juk-20.04.3/filerenamer.cpp
Examining data/juk-20.04.3/tracksequencemanager.cpp
Examining data/juk-20.04.3/directorylist.cpp
Examining data/juk-20.04.3/dynamicplaylist.cpp
Examining data/juk-20.04.3/tagguesser.cpp
Examining data/juk-20.04.3/tagguesserconfigdlg.cpp
Examining data/juk-20.04.3/playlistbox.cpp
Examining data/juk-20.04.3/keydialog.cpp
Examining data/juk-20.04.3/mediafiles.h
Examining data/juk-20.04.3/collectionlist.cpp
Examining data/juk-20.04.3/tagguesserconfigdlg.h
Examining data/juk-20.04.3/juktag.h
Examining data/juk-20.04.3/tracksequencemanager.h
Examining data/juk-20.04.3/exampleoptions.h
Examining data/juk-20.04.3/collectionlist.h
Examining data/juk-20.04.3/directorylist.h
Examining data/juk-20.04.3/directoryloader.h
Examining data/juk-20.04.3/searchwidget.h
Examining data/juk-20.04.3/playlistsplitter.h
Examining data/juk-20.04.3/volumepopupbutton.cpp
Examining data/juk-20.04.3/directoryloader.cpp
Examining data/juk-20.04.3/tageditor.h
Examining data/juk-20.04.3/categoryreaderinterface.h
Examining data/juk-20.04.3/filehandleproperties.h
Examining data/juk-20.04.3/searchplaylist.cpp
Examining data/juk-20.04.3/playlistitem.h
Examining data/juk-20.04.3/viewmode.h
Examining data/juk-20.04.3/historyplaylist.cpp
Examining data/juk-20.04.3/stringhash.h
Examining data/juk-20.04.3/systemtray.cpp
Examining data/juk-20.04.3/treeviewitemplaylist.cpp
Examining data/juk-20.04.3/tests/tagguessertest.cpp
Examining data/juk-20.04.3/slideraction.h
Examining data/juk-20.04.3/folderplaylist.h
Examining data/juk-20.04.3/svghandler.cpp
Examining data/juk-20.04.3/jukIface.h
Examining data/juk-20.04.3/coverdialog.cpp
Examining data/juk-20.04.3/juktag.cpp
Examining data/juk-20.04.3/covericonview.h
Examining data/juk-20.04.3/playlist.cpp
Examining data/juk-20.04.3/cache.cpp
Examining data/juk-20.04.3/playlistsearch.cpp
Examining data/juk-20.04.3/playlistsharedsettings.h
Examining data/juk-20.04.3/filerenamer.h
Examining data/juk-20.04.3/filehandle.h
Examining data/juk-20.04.3/advancedsearchdialog.h
Examining data/juk-20.04.3/deletedialog.h
Examining data/juk-20.04.3/covermanager.cpp
Examining data/juk-20.04.3/tracksequenceiterator.cpp
Examining data/juk-20.04.3/searchplaylist.h
Examining data/juk-20.04.3/filerenamerconfigdlg.cpp
Examining data/juk-20.04.3/mpris2/mediaplayer2.h
Examining data/juk-20.04.3/mpris2/mediaplayer2player.cpp
Examining data/juk-20.04.3/mpris2/mpris2.h
Examining data/juk-20.04.3/mpris2/mediaplayer2.cpp
Examining data/juk-20.04.3/mpris2/mediaplayer2player.h
Examining data/juk-20.04.3/mpris2/mpris2.cpp
Examining data/juk-20.04.3/stringshare.cpp
Examining data/juk-20.04.3/coverproxy.cpp
Examining data/juk-20.04.3/categoryreaderinterface.cpp
Examining data/juk-20.04.3/playlistinterface.h
Examining data/juk-20.04.3/playermanager.h
Examining data/juk-20.04.3/filerenameroptions.h
Examining data/juk-20.04.3/playlistcollection.h
Examining data/juk-20.04.3/covericonview.cpp
Examining data/juk-20.04.3/coverinfo.cpp
Examining data/juk-20.04.3/scrobbler.cpp
Examining data/juk-20.04.3/statuslabel.cpp
Examining data/juk-20.04.3/scrobbleconfigdlg.h
Examining data/juk-20.04.3/juk.cpp
Examining data/juk-20.04.3/playlistsharedsettings.cpp
Examining data/juk-20.04.3/filehandle.cpp
Examining data/juk-20.04.3/cache.h
Examining data/juk-20.04.3/main.cpp
Examining data/juk-20.04.3/viewmode.cpp
Examining data/juk-20.04.3/playlistsplitter.cpp
Examining data/juk-20.04.3/dbuscollectionproxy.h
Examining data/juk-20.04.3/slider.cpp
Examining data/juk-20.04.3/scrobbleconfigdlg.cpp
Examining data/juk-20.04.3/exampleoptions.cpp
Examining data/juk-20.04.3/coverdialog.h
Examining data/juk-20.04.3/upcomingplaylist.h
Examining data/juk-20.04.3/searchwidget.cpp
Examining data/juk-20.04.3/statuslabel.h
Examining data/juk-20.04.3/playlistcollection.cpp
Examining data/juk-20.04.3/stringshare.h
Examining data/juk-20.04.3/mediafiles.cpp
Examining data/juk-20.04.3/upcomingplaylist.cpp
Examining data/juk-20.04.3/folderplaylist.cpp
Examining data/juk-20.04.3/playlistsearch.h
Examining data/juk-20.04.3/juk.h
Examining data/juk-20.04.3/volumepopupbutton.h
Examining data/juk-20.04.3/playlist.h
Examining data/juk-20.04.3/tagtransactionmanager.cpp
Examining data/juk-20.04.3/lyricswidget.cpp
Examining data/juk-20.04.3/tagtransactionmanager.h
Examining data/juk-20.04.3/playlistinterface.cpp
Examining data/juk-20.04.3/playlistbox.h
Examining data/juk-20.04.3/playlistitem.cpp
Examining data/juk-20.04.3/tagrenameroptions.cpp
Examining data/juk-20.04.3/covermanager.h
Examining data/juk-20.04.3/actioncollection.h
Examining data/juk-20.04.3/slideraction.cpp
Examining data/juk-20.04.3/deletedialog.cpp
Examining data/juk-20.04.3/svghandler.h
Examining data/juk-20.04.3/webimagefetcher.cpp
Examining data/juk-20.04.3/actioncollection.cpp
Examining data/juk-20.04.3/playermanager.cpp
Examining data/juk-20.04.3/keydialog.h
Examining data/juk-20.04.3/systemtray.h
Examining data/juk-20.04.3/filerenamerconfigdlg.h
Examining data/juk-20.04.3/filerenameroptions.cpp
Examining data/juk-20.04.3/webimagefetcher.h
Examining data/juk-20.04.3/slider.h
Examining data/juk-20.04.3/tracksequenceiterator.h
Examining data/juk-20.04.3/lyricswidget.h
Examining data/juk-20.04.3/dynamicplaylist.h
Examining data/juk-20.04.3/historyplaylist.h
Examining data/juk-20.04.3/coverinfo.h
Examining data/juk-20.04.3/tagguesser.h
Examining data/juk-20.04.3/scrobbler.h
Examining data/juk-20.04.3/juk-exception.h
Examining data/juk-20.04.3/dbuscollectionproxy.cpp
Examining data/juk-20.04.3/advancedsearchdialog.cpp
Examining data/juk-20.04.3/nowplaying.cpp
Examining data/juk-20.04.3/treeviewitemplaylist.h
Examining data/juk-20.04.3/coverproxy.h
Examining data/juk-20.04.3/nowplaying.h

FINAL RESULTS:

data/juk-20.04.3/playlist.cpp:240:8: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if(random && !m_history.isEmpty()) {
data/juk-20.04.3/tracksequenceiterator.cpp:80:40: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  const int candidate = KRandom::random();
data/juk-20.04.3/tracksequenceiterator.cpp:195:8: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if(random || albumRandom) {
data/juk-20.04.3/tracksequenceiterator.cpp:202:38: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  newItem = items[KRandom::random() % items.count()];
data/juk-20.04.3/tracksequenceiterator.cpp:243:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if((albumRandom || random) && current && m_randomItems.isEmpty()) {
data/juk-20.04.3/cache.cpp:134:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!f.open(QIODevice::ReadOnly))
data/juk-20.04.3/cache.cpp:178:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!f.open(QIODevice::WriteOnly)) {
data/juk-20.04.3/cache.cpp:265:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!m_loadFile.open(QIODevice::ReadOnly))
data/juk-20.04.3/cache.cpp:293:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_loadFileBuffer.open(QIODevice::ReadOnly);
data/juk-20.04.3/collectionlist.cpp:240:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!f.open(QIODevice::WriteOnly)) {
data/juk-20.04.3/coverinfo.cpp:269:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!albumArtFile.open(QIODevice::ReadWrite)) {
data/juk-20.04.3/covermanager.cpp:197:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly)) {
data/juk-20.04.3/covermanager.cpp:231:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly)) {
data/juk-20.04.3/covermanager.cpp:413:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!tempFile.open() || !large.save(tempFile.fileName(), "PNG")) {
data/juk-20.04.3/dbuscollectionproxy.cpp:51:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_collection->open(QStringList(file));
data/juk-20.04.3/dbuscollectionproxy.cpp:56:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_collection->open(files);
data/juk-20.04.3/dbuscollectionproxy.cpp:61:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_collection->open(playlist, QStringList(file));
data/juk-20.04.3/dbuscollectionproxy.cpp:66:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_collection->open(playlist, files);
data/juk-20.04.3/dbuscollectionproxy.cpp:142:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!tempFile.open()) {
data/juk-20.04.3/jukIface.h:35:42: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void openFile(const QString &file) { open(QStringList(file)); }
data/juk-20.04.3/jukIface.h:36:47: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void openFile(const QStringList &files) { open(files); }
data/juk-20.04.3/jukIface.h:37:67: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void openFile(const QString &playlist, const QString &file) { open(playlist, QStringList(file)); }
data/juk-20.04.3/jukIface.h:38:72: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void openFile(const QString &playlist, const QStringList &files) { open(playlist, files); }
data/juk-20.04.3/jukIface.h:58:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual void open(const QStringList &files) = 0;
data/juk-20.04.3/jukIface.h:59:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual void open(const QString &playlist, const QStringList &files) = 0;
data/juk-20.04.3/playlist.cpp:272:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::WriteOnly))
data/juk-20.04.3/playlist.cpp:1426:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!file.open(QIODevice::ReadOnly))
data/juk-20.04.3/playlistcollection.cpp:333:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void PlaylistCollection::open(const QStringList &l)
data/juk-20.04.3/playlistcollection.cpp:365:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void PlaylistCollection::open(const QString &playlist, const QStringList &files)
data/juk-20.04.3/playlistcollection.cpp:397:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(m_folderList);
data/juk-20.04.3/playlistcollection.cpp:400:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(result.addedDirs);
data/juk-20.04.3/playlistcollection.cpp:931:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  KStandardAction::open(this, SLOT(slotOpen()), actions());
data/juk-20.04.3/playlistcollection.h:87:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual void open(const QStringList &files = QStringList());
data/juk-20.04.3/playlistcollection.h:88:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual void open(const QString &playlist, const QStringList &files);
data/juk-20.04.3/playlistcollection.h:247:45: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void slotOpen() { m_collection->open(); }
data/juk-20.04.3/filehandle.cpp:91:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(s);
data/juk-20.04.3/filehandle.cpp:163:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void FileHandle::read(CacheDataStream &s)
data/juk-20.04.3/filehandle.cpp:219:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  f.read(s);
data/juk-20.04.3/filehandle.h:66:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(CacheDataStream &s);
data/juk-20.04.3/juktag.cpp:101:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CacheDataStream &Tag::read(CacheDataStream &s)
data/juk-20.04.3/juktag.cpp:244:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return t.read(s);
data/juk-20.04.3/juktag.h:81:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  CacheDataStream &read(CacheDataStream &s);
data/juk-20.04.3/playlist.cpp:934:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void Playlist::read(QDataStream &s)
data/juk-20.04.3/playlist.cpp:2081:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  p.read(s);
data/juk-20.04.3/playlist.h:323:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(QDataStream &s);

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 26765 in approximately 0.66 seconds (40568 lines/second)
Physical Source Lines of Code (SLOC) = 16364
Hits@level = [0] 0 [1] 10 [2] 30 [3] 5 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 45 [2+] 35 [3+] 5 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.74994 [1+] 2.74994 [2+] 2.13884 [3+] 0.305549 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.