Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kalzium-20.08.3/libscience/elementparser.cpp
Examining data/kalzium-20.08.3/libscience/chemicaldataobject.h
Examining data/kalzium-20.08.3/libscience/spectrum.h
Examining data/kalzium-20.08.3/libscience/tests/isotopereadingtest.cpp
Examining data/kalzium-20.08.3/libscience/tests/xmlreadingtest.cpp
Examining data/kalzium-20.08.3/libscience/tests/spectrumreadingtests.cpp
Examining data/kalzium-20.08.3/libscience/psetables.h
Examining data/kalzium-20.08.3/libscience/spectrumparser.h
Examining data/kalzium-20.08.3/libscience/elementparser.h
Examining data/kalzium-20.08.3/libscience/isotope.cpp
Examining data/kalzium-20.08.3/libscience/parser.h
Examining data/kalzium-20.08.3/libscience/isotope.h
Examining data/kalzium-20.08.3/libscience/moleculeparser.h
Examining data/kalzium-20.08.3/libscience/psetables.cpp
Examining data/kalzium-20.08.3/libscience/libkdeedu_science_export.h
Examining data/kalzium-20.08.3/libscience/spectrum.cpp
Examining data/kalzium-20.08.3/libscience/isotopeparser.h
Examining data/kalzium-20.08.3/libscience/element.h
Examining data/kalzium-20.08.3/libscience/element.cpp
Examining data/kalzium-20.08.3/libscience/isotopeparser.cpp
Examining data/kalzium-20.08.3/libscience/spectrumparser.cpp
Examining data/kalzium-20.08.3/libscience/moleculeparser.cpp
Examining data/kalzium-20.08.3/libscience/chemicaldataobject.cpp
Examining data/kalzium-20.08.3/libscience/parser.cpp
Examining data/kalzium-20.08.3/plasmoid/engine/kalzium_engine.cpp
Examining data/kalzium-20.08.3/plasmoid/engine/kalzium_engine.h
Examining data/kalzium-20.08.3/plasmoid/applet/concentrationPlasmoid/concentrationCalculator.h
Examining data/kalzium-20.08.3/plasmoid/applet/concentrationPlasmoid/concentrationCalculator.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/psePlasmoid/Molmasscalculator.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/psePlasmoid/Periodictable.h
Examining data/kalzium-20.08.3/plasmoid/applet/psePlasmoid/Periodictable.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/psePlasmoid/Molmasscalculator.h
Examining data/kalzium-20.08.3/plasmoid/applet/didyouknow/didyouknow.h
Examining data/kalzium-20.08.3/plasmoid/applet/didyouknow/didyouknow.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/gasPlasmoid/gasCalculator.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/gasPlasmoid/gasCalculator.h
Examining data/kalzium-20.08.3/plasmoid/applet/nuclearPlasmoid/kalziumdataobject.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/nuclearPlasmoid/kalziumdataobject.h
Examining data/kalzium-20.08.3/plasmoid/applet/nuclearPlasmoid/nuclearCalculator.cpp
Examining data/kalzium-20.08.3/plasmoid/applet/nuclearPlasmoid/nuclearCalculator.h
Examining data/kalzium-20.08.3/plasmoid/applet/bodr/kalzium_plasma.h
Examining data/kalzium-20.08.3/plasmoid/applet/bodr/kalzium_plasma.cpp
Examining data/kalzium-20.08.3/compoundviewer/kalziumglpart.cpp
Examining data/kalzium-20.08.3/compoundviewer/kalziumglwidget.cpp
Examining data/kalzium-20.08.3/compoundviewer/kalziumglwidget.h
Examining data/kalzium-20.08.3/compoundviewer/iowrapper.cpp
Examining data/kalzium-20.08.3/compoundviewer/iowrapper.h
Examining data/kalzium-20.08.3/compoundviewer/libkdeedu_compoundviewer_export.h
Examining data/kalzium-20.08.3/compoundviewer/kalziumglpart.h
Examining data/kalzium-20.08.3/src/detailinfodlg.cpp
Examining data/kalzium-20.08.3/src/elementdataviewer.cpp
Examining data/kalzium-20.08.3/src/tableinfowidget.h
Examining data/kalzium-20.08.3/src/molcalcwidget.cpp
Examining data/kalzium-20.08.3/src/exportdialog.cpp
Examining data/kalzium-20.08.3/src/gradientwidget_impl.h
Examining data/kalzium-20.08.3/src/searchwidget.h
Examining data/kalzium-20.08.3/src/tableinfowidget.cpp
Examining data/kalzium-20.08.3/src/detailedQmlView.h
Examining data/kalzium-20.08.3/src/psetable/elementitem.h
Examining data/kalzium-20.08.3/src/psetable/periodictablestates.h
Examining data/kalzium-20.08.3/src/psetable/numerationitem.cpp
Examining data/kalzium-20.08.3/src/psetable/periodictablescene.h
Examining data/kalzium-20.08.3/src/psetable/elementitem.cpp
Examining data/kalzium-20.08.3/src/psetable/periodictableview.cpp
Examining data/kalzium-20.08.3/src/psetable/periodictableview.h
Examining data/kalzium-20.08.3/src/psetable/periodictablescene.cpp
Examining data/kalzium-20.08.3/src/psetable/periodictablestates.cpp
Examining data/kalzium-20.08.3/src/psetable/statemachine.h
Examining data/kalzium-20.08.3/src/psetable/statemachine.cpp
Examining data/kalzium-20.08.3/src/psetable/numerationitem.h
Examining data/kalzium-20.08.3/src/exportdialog.h
Examining data/kalzium-20.08.3/src/orbitswidget.h
Examining data/kalzium-20.08.3/src/calculator/calculator.cpp
Examining data/kalzium-20.08.3/src/calculator/concCalculator.h
Examining data/kalzium-20.08.3/src/calculator/nuclearCalculator.cpp
Examining data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp
Examining data/kalzium-20.08.3/src/calculator/titrationCalculator.h
Examining data/kalzium-20.08.3/src/calculator/nuclearCalculator.h
Examining data/kalzium-20.08.3/src/calculator/concCalculator.cpp
Examining data/kalzium-20.08.3/src/calculator/calculator.h
Examining data/kalzium-20.08.3/src/calculator/gasCalculator.cpp
Examining data/kalzium-20.08.3/src/calculator/gasCalculator.h
Examining data/kalzium-20.08.3/src/kalziumutils.h
Examining data/kalzium-20.08.3/src/spectrumviewimpl.cpp
Examining data/kalzium-20.08.3/src/gradientwidget_impl.cpp
Examining data/kalzium-20.08.3/src/detailedQmlView.cpp
Examining data/kalzium-20.08.3/src/unitsettingsdialog.cpp
Examining data/kalzium-20.08.3/src/search.h
Examining data/kalzium-20.08.3/src/kalziumelementproperty.h
Examining data/kalzium-20.08.3/src/kalziumschemetype.cpp
Examining data/kalzium-20.08.3/src/kalziumnumerationtype.cpp
Examining data/kalzium-20.08.3/src/spectrumviewimpl.h
Examining data/kalzium-20.08.3/src/rsdialog.cpp
Examining data/kalzium-20.08.3/src/kalzium.h
Examining data/kalzium-20.08.3/src/kalziumgradienttype.h
Examining data/kalzium-20.08.3/src/kalziumdataobject.cpp
Examining data/kalzium-20.08.3/src/kalziumdataobject.h
Examining data/kalzium-20.08.3/src/molcalcwidget.h
Examining data/kalzium-20.08.3/src/tablesdialog.h
Examining data/kalzium-20.08.3/src/kalziumelementproperty.cpp
Examining data/kalzium-20.08.3/src/elementdataviewer.h
Examining data/kalzium-20.08.3/src/kalziumschemetype.h
Examining data/kalzium-20.08.3/src/kalzium.cpp
Examining data/kalzium-20.08.3/src/legendwidget.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopescene.h
Examining data/kalzium-20.08.3/src/isotopetable/isotopeguideview.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopeguideview.h
Examining data/kalzium-20.08.3/src/isotopetable/isotopetabledialog.h
Examining data/kalzium-20.08.3/src/isotopetable/isotopeview.h
Examining data/kalzium-20.08.3/src/isotopetable/informationitem.h
Examining data/kalzium-20.08.3/src/isotopetable/isotopetabledialog.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopeitem.cpp
Examining data/kalzium-20.08.3/src/isotopetable/informationitem.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopescene.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopeview.cpp
Examining data/kalzium-20.08.3/src/isotopetable/isotopeitem.h
Examining data/kalzium-20.08.3/src/kalziumunitcombobox.cpp
Examining data/kalzium-20.08.3/src/kdeeduglossary.cpp
Examining data/kalzium-20.08.3/src/detailedgraphicaloverview.h
Examining data/kalzium-20.08.3/src/main.cpp
Examining data/kalzium-20.08.3/src/tools/obconverter.cpp
Examining data/kalzium-20.08.3/src/tools/obconverter.h
Examining data/kalzium-20.08.3/src/tools/moleculeview.h
Examining data/kalzium-20.08.3/src/tools/moleculewidgetplugin.h
Examining data/kalzium-20.08.3/src/tools/moleculeview.cpp
Examining data/kalzium-20.08.3/src/spectrumwidget.h
Examining data/kalzium-20.08.3/src/detailedgraphicaloverview.cpp
Examining data/kalzium-20.08.3/src/searchwidget.cpp
Examining data/kalzium-20.08.3/src/legendwidget.h
Examining data/kalzium-20.08.3/src/kdeeduglossary.h
Examining data/kalzium-20.08.3/src/orbitswidget.cpp
Examining data/kalzium-20.08.3/src/detailinfodlg.h
Examining data/kalzium-20.08.3/src/kalziumutils.cpp
Examining data/kalzium-20.08.3/src/rsdialog.h
Examining data/kalzium-20.08.3/src/kalziumunitcombobox.h
Examining data/kalzium-20.08.3/src/eqchemview.h
Examining data/kalzium-20.08.3/src/search.cpp
Examining data/kalzium-20.08.3/src/solver/main.c
Examining data/kalzium-20.08.3/src/solver/modwrap.c
Examining data/kalzium-20.08.3/src/kalziumnumerationtype.h
Examining data/kalzium-20.08.3/src/unitsettingsdialog.h
Examining data/kalzium-20.08.3/src/spectrumwidget.cpp
Examining data/kalzium-20.08.3/src/tablesdialog.cpp
Examining data/kalzium-20.08.3/src/eqchemview.cpp
Examining data/kalzium-20.08.3/src/kalziumgradienttype.cpp

FINAL RESULTS:

data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp:105:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(yvalue,yvaluen);
data/kalzium-20.08.3/libscience/moleculeparser.cpp:378:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if (!(!file.open(QIODevice::ReadOnly | QIODevice::Text))) {
data/kalzium-20.08.3/libscience/moleculeparser.cpp:406:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if (!(!file2.open(QIODevice::ReadOnly | QIODevice::Text))) {
data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp:68:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    connect(uid.open, &QAbstractButton::clicked,this, &titrationCalculator::on_actionOpen_triggered);
data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp:95:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char yvalue[80];
data/kalzium-20.08.3/src/exportdialog.cpp:176:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!outputFile.open(QIODevice::WriteOnly)) {
data/kalzium-20.08.3/src/kalzium.cpp:583:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/kalzium-20.08.3/src/kdeeduglossary.cpp:168:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!layoutFile.open(QIODevice::ReadOnly)) {
data/kalzium-20.08.3/src/molcalcwidget.cpp:78:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!(!file.open(QIODevice::ReadOnly | QIODevice::Text))) {
data/kalzium-20.08.3/src/molcalcwidget.cpp:115:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!(!file2.open(QIODevice::ReadOnly | QIODevice::Text))) {
data/kalzium-20.08.3/src/molcalcwidget.cpp:313:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (!(!file.open(QIODevice::WriteOnly| QIODevice::Append | QIODevice::Text))) {
data/kalzium-20.08.3/compoundviewer/iowrapper.cpp:51:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!format->read(inFileStream, *mol)) {
data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp:272:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int i = 0; strlen(yvalue) + 1; ++i) {
data/kalzium-20.08.3/src/calculator/titrationCalculator.cpp:334:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (int i = 0; strlen(yvalue) + 1; ++i) {

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 29821 in approximately 0.93 seconds (32140 lines/second)
Physical Source Lines of Code (SLOC) = 19004
Hits@level = [0] 3 [1] 3 [2] 10 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 17 [1+] 14 [2+] 11 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.894549 [1+] 0.736687 [2+] 0.578826 [3+] 0.0526205 [4+] 0.0526205 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.