Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kcontacts-5.74.0/autotests/vcardlinetest.h
Examining data/kcontacts-5.74.0/autotests/titletest.h
Examining data/kcontacts-5.74.0/autotests/calendarurltest.h
Examining data/kcontacts-5.74.0/autotests/roletest.cpp
Examining data/kcontacts-5.74.0/autotests/picturetest.h
Examining data/kcontacts-5.74.0/autotests/clientpidmaptest.h
Examining data/kcontacts-5.74.0/autotests/importexportvcardtest.cpp
Examining data/kcontacts-5.74.0/autotests/timezonetest.h
Examining data/kcontacts-5.74.0/autotests/addresseetest.h
Examining data/kcontacts-5.74.0/autotests/vcardtool_benchmark.cpp
Examining data/kcontacts-5.74.0/autotests/secrecytest.h
Examining data/kcontacts-5.74.0/autotests/customidentifiertest.h
Examining data/kcontacts-5.74.0/autotests/importexportvcardtest.h
Examining data/kcontacts-5.74.0/autotests/impptest.cpp
Examining data/kcontacts-5.74.0/autotests/gendertest.h
Examining data/kcontacts-5.74.0/autotests/vcarddragtest.cpp
Examining data/kcontacts-5.74.0/autotests/testlock.h
Examining data/kcontacts-5.74.0/autotests/langtest.h
Examining data/kcontacts-5.74.0/autotests/relatedtest.h
Examining data/kcontacts-5.74.0/autotests/langtest.cpp
Examining data/kcontacts-5.74.0/autotests/gendertest.cpp
Examining data/kcontacts-5.74.0/autotests/phonenumbertest.cpp
Examining data/kcontacts-5.74.0/autotests/timezonetest.cpp
Examining data/kcontacts-5.74.0/autotests/datetimetest.h
Examining data/kcontacts-5.74.0/autotests/addresstest.cpp
Examining data/kcontacts-5.74.0/autotests/soundtest.h
Examining data/kcontacts-5.74.0/autotests/contactgrouptest.cpp
Examining data/kcontacts-5.74.0/autotests/resourcelocatorurltest.cpp
Examining data/kcontacts-5.74.0/autotests/phonenumbertest.h
Examining data/kcontacts-5.74.0/autotests/geotest.cpp
Examining data/kcontacts-5.74.0/autotests/orgtest.h
Examining data/kcontacts-5.74.0/autotests/impptest.h
Examining data/kcontacts-5.74.0/autotests/addresstest.h
Examining data/kcontacts-5.74.0/autotests/ldifconvertertest.h
Examining data/kcontacts-5.74.0/autotests/fieldgrouptest.cpp
Examining data/kcontacts-5.74.0/autotests/nicknametest.h
Examining data/kcontacts-5.74.0/autotests/clientpidmaptest.cpp
Examining data/kcontacts-5.74.0/autotests/ldifconvertertest.cpp
Examining data/kcontacts-5.74.0/autotests/datetimetest.cpp
Examining data/kcontacts-5.74.0/autotests/emailtest.h
Examining data/kcontacts-5.74.0/autotests/birthdaytest.cpp
Examining data/kcontacts-5.74.0/autotests/testroundtrip.cpp
Examining data/kcontacts-5.74.0/autotests/emailtest.cpp
Examining data/kcontacts-5.74.0/autotests/roletest.h
Examining data/kcontacts-5.74.0/autotests/customidentifiertest.cpp
Examining data/kcontacts-5.74.0/autotests/fieldgrouptest.h
Examining data/kcontacts-5.74.0/autotests/birthdaytest.h
Examining data/kcontacts-5.74.0/autotests/keytest.cpp
Examining data/kcontacts-5.74.0/autotests/resourcelocatorurltest.h
Examining data/kcontacts-5.74.0/autotests/picturetest.cpp
Examining data/kcontacts-5.74.0/autotests/vcardtool_benchmark.h
Examining data/kcontacts-5.74.0/autotests/relatedtest.cpp
Examining data/kcontacts-5.74.0/autotests/geotest.h
Examining data/kcontacts-5.74.0/autotests/titletest.cpp
Examining data/kcontacts-5.74.0/autotests/addresseetest.cpp
Examining data/kcontacts-5.74.0/autotests/secrecytest.cpp
Examining data/kcontacts-5.74.0/autotests/calendarurltest.cpp
Examining data/kcontacts-5.74.0/autotests/soundtest.cpp
Examining data/kcontacts-5.74.0/autotests/nicknametest.cpp
Examining data/kcontacts-5.74.0/autotests/orgtest.cpp
Examining data/kcontacts-5.74.0/autotests/vcardlinetest.cpp
Examining data/kcontacts-5.74.0/autotests/keytest.h
Examining data/kcontacts-5.74.0/tests/testwrite.cpp
Examining data/kcontacts-5.74.0/tests/testread2.cpp
Examining data/kcontacts-5.74.0/tests/testutils.cpp
Examining data/kcontacts-5.74.0/tests/testread.cpp
Examining data/kcontacts-5.74.0/tests/testutils.h
Examining data/kcontacts-5.74.0/src/isotocountrymap_p.h
Examining data/kcontacts-5.74.0/src/countrytoisomap_p.h
Examining data/kcontacts-5.74.0/src/gender.h
Examining data/kcontacts-5.74.0/src/sound.cpp
Examining data/kcontacts-5.74.0/src/countrytoisomap_data.cpp
Examining data/kcontacts-5.74.0/src/vcarddrag.cpp
Examining data/kcontacts-5.74.0/src/picture.cpp
Examining data/kcontacts-5.74.0/src/contactgroup.h
Examining data/kcontacts-5.74.0/src/addressee.h
Examining data/kcontacts-5.74.0/src/title.h
Examining data/kcontacts-5.74.0/src/role.cpp
Examining data/kcontacts-5.74.0/src/sound.h
Examining data/kcontacts-5.74.0/src/nickname.cpp
Examining data/kcontacts-5.74.0/src/org.cpp
Examining data/kcontacts-5.74.0/src/lang.cpp
Examining data/kcontacts-5.74.0/src/geo.h
Examining data/kcontacts-5.74.0/src/calendarurl.h
Examining data/kcontacts-5.74.0/src/impp.cpp
Examining data/kcontacts-5.74.0/src/related.cpp
Examining data/kcontacts-5.74.0/src/vcardtool.cpp
Examining data/kcontacts-5.74.0/src/converter/vcardconverter.cpp
Examining data/kcontacts-5.74.0/src/converter/ldifconverter.h
Examining data/kcontacts-5.74.0/src/converter/ldifconverter.cpp
Examining data/kcontacts-5.74.0/src/converter/vcardconverter.h
Examining data/kcontacts-5.74.0/src/key.cpp
Examining data/kcontacts-5.74.0/src/address.h
Examining data/kcontacts-5.74.0/src/field.h
Examining data/kcontacts-5.74.0/src/related.h
Examining data/kcontacts-5.74.0/src/email.cpp
Examining data/kcontacts-5.74.0/src/geo.cpp
Examining data/kcontacts-5.74.0/src/countrytoisomap_p.cpp
Examining data/kcontacts-5.74.0/src/resourcelocatorurl.cpp
Examining data/kcontacts-5.74.0/src/lang.h
Examining data/kcontacts-5.74.0/src/key.h
Examining data/kcontacts-5.74.0/src/addressee.cpp
Examining data/kcontacts-5.74.0/src/field.cpp
Examining data/kcontacts-5.74.0/src/phonenumber.h
Examining data/kcontacts-5.74.0/src/email.h
Examining data/kcontacts-5.74.0/src/phonenumber.cpp
Examining data/kcontacts-5.74.0/src/addresseehelper.cpp
Examining data/kcontacts-5.74.0/src/gender.cpp
Examining data/kcontacts-5.74.0/src/title.cpp
Examining data/kcontacts-5.74.0/src/clientpidmap.h
Examining data/kcontacts-5.74.0/src/isotocountrymap_data.cpp
Examining data/kcontacts-5.74.0/src/contactgrouptool.h
Examining data/kcontacts-5.74.0/src/resourcelocatorurl.h
Examining data/kcontacts-5.74.0/src/org.h
Examining data/kcontacts-5.74.0/src/contactgrouptool.cpp
Examining data/kcontacts-5.74.0/src/contactgroup.cpp
Examining data/kcontacts-5.74.0/src/calendarurl.cpp
Examining data/kcontacts-5.74.0/src/addresseehelper.h
Examining data/kcontacts-5.74.0/src/fieldgroup.h
Examining data/kcontacts-5.74.0/src/role.h
Examining data/kcontacts-5.74.0/src/timezone.cpp
Examining data/kcontacts-5.74.0/src/secrecy.h
Examining data/kcontacts-5.74.0/src/secrecy.cpp
Examining data/kcontacts-5.74.0/src/vcarddrag.h
Examining data/kcontacts-5.74.0/src/timezone.h
Examining data/kcontacts-5.74.0/src/ldif_p.h
Examining data/kcontacts-5.74.0/src/clientpidmap.cpp
Examining data/kcontacts-5.74.0/src/address.cpp
Examining data/kcontacts-5.74.0/src/impp.h
Examining data/kcontacts-5.74.0/src/generator/translatedcountrylist.h
Examining data/kcontacts-5.74.0/src/generator/generateisotocountrymap.cpp
Examining data/kcontacts-5.74.0/src/generator/main.cpp
Examining data/kcontacts-5.74.0/src/generator/translatedcountrylist.cpp
Examining data/kcontacts-5.74.0/src/addresseelist.h
Examining data/kcontacts-5.74.0/src/note.h
Examining data/kcontacts-5.74.0/src/ldif.cpp
Examining data/kcontacts-5.74.0/src/vcardparser/vcardline.cpp
Examining data/kcontacts-5.74.0/src/vcardparser/vcardline.h
Examining data/kcontacts-5.74.0/src/vcardparser/vcardparser.cpp
Examining data/kcontacts-5.74.0/src/vcardparser/vcard.h
Examining data/kcontacts-5.74.0/src/vcardparser/vcard.cpp
Examining data/kcontacts-5.74.0/src/vcardparser/vcardparser.h
Examining data/kcontacts-5.74.0/src/vcardtool_p.h
Examining data/kcontacts-5.74.0/src/note.cpp
Examining data/kcontacts-5.74.0/src/fieldgroup.cpp
Examining data/kcontacts-5.74.0/src/nickname.h
Examining data/kcontacts-5.74.0/src/picture.h

FINAL RESULTS:

data/kcontacts-5.74.0/autotests/contactgrouptest.cpp:308:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/kcontacts-5.74.0/autotests/contactgrouptest.cpp:317:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);

data/kcontacts-5.74.0/autotests/contactgrouptest.cpp:351:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/kcontacts-5.74.0/autotests/contactgrouptest.cpp:361:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::ReadOnly);

data/kcontacts-5.74.0/autotests/picturetest.cpp:35:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/kcontacts-5.74.0/autotests/picturetest.cpp:48:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/kcontacts-5.74.0/autotests/testroundtrip.cpp:122:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(input.open(QIODevice::ReadOnly));

data/kcontacts-5.74.0/autotests/testroundtrip.cpp:135:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(outputFile.open(QIODevice::ReadOnly));

data/kcontacts-5.74.0/autotests/testroundtrip.cpp:145:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(outputFile.open(QIODevice::ReadOnly));

data/kcontacts-5.74.0/autotests/testroundtrip.cpp:155:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(outputFile.open(QIODevice::ReadOnly));

data/kcontacts-5.74.0/src/countrytoisomap_p.h:23:67: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  explicit constexpr inline CountryToIsoIndex(int offset, const char isoCode[2])

data/kcontacts-5.74.0/src/countrytoisomap_p.h:32:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[2];

data/kcontacts-5.74.0/src/generator/generateisotocountrymap.cpp:29:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!input.open(QFile::ReadOnly)) {

data/kcontacts-5.74.0/src/generator/generateisotocountrymap.cpp:49:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!out.open(QFile::WriteOnly)) {

data/kcontacts-5.74.0/src/generator/main.cpp:49:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::WriteOnly | QIODevice::Truncate);

data/kcontacts-5.74.0/src/generator/translatedcountrylist.cpp:42:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool success = f.open(QIODevice::ReadOnly);

data/kcontacts-5.74.0/src/isotocountrymap_p.h:18:55: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  explicit constexpr inline IsoToCountryIndex(const char isoCode[2], int offset)

data/kcontacts-5.74.0/src/picture.cpp:189:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  buffer.open(QIODevice::WriteOnly);

data/kcontacts-5.74.0/tests/testread.cpp:39:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {

data/kcontacts-5.74.0/tests/testutils.cpp:78:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {

data/kcontacts-5.74.0/tests/testwrite.cpp:100:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly)) {

data/kcontacts-5.74.0/src/address.cpp:656:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncmp(country_name_stringtable + lhs.m_offset, rhs.constData(), strlen(country_name_stringtable + lhs.m_offset)) < 0;

data/kcontacts-5.74.0/src/address.cpp:659:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncmp(lhs.constData(), country_name_stringtable + rhs.m_offset, strlen(country_name_stringtable + rhs.m_offset)) < 0;

data/kcontacts-5.74.0/src/address.cpp:661:144: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (it != std::end(country_to_iso_index) && endIt == (it + 1) && strncmp(country_name_stringtable + (*it).m_offset, lookupKey.constData(), strlen(country_name_stringtable + (*it).m_offset)) == 0) {

data/kcontacts-5.74.0/src/contactgrouptool.cpp:133:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(QIODevice *device, ContactGroup &group);

data/kcontacts-5.74.0/src/contactgrouptool.cpp:134:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(QIODevice *device, QVector<ContactGroup> &groupList);

data/kcontacts-5.74.0/src/contactgrouptool.cpp:147:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool XmlContactGroupReader::read(QIODevice *device, ContactGroup &group)

data/kcontacts-5.74.0/src/contactgrouptool.cpp:165:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool XmlContactGroupReader::read(QIODevice *device, QVector<ContactGroup> &groupList)

data/kcontacts-5.74.0/src/contactgrouptool.cpp:313:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = reader.read(device, group);

data/kcontacts-5.74.0/src/contactgrouptool.cpp:338:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = reader.read(device, groupList);

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 81563 in approximately 6.11 seconds (13342 lines/second)
Physical Source Lines of Code (SLOC) = 73882
Hits@level = [0] 0 [1] 9 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 30 [1+] 30 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.406053 [1+] 0.406053 [2+] 0.284237 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.