Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kdeconnect-20.08.3/daemon/kdeconnectd.cpp
Examining data/kdeconnect-20.08.3/smsapp/conversationssortfilterproxymodel.cpp
Examining data/kdeconnect-20.08.3/smsapp/conversationssortfilterproxymodel.h
Examining data/kdeconnect-20.08.3/smsapp/conversationmodel.cpp
Examining data/kdeconnect-20.08.3/smsapp/conversationmodel.h
Examining data/kdeconnect-20.08.3/smsapp/conversationlistmodel.h
Examining data/kdeconnect-20.08.3/smsapp/main.cpp
Examining data/kdeconnect-20.08.3/smsapp/gsmasciimap.cpp
Examining data/kdeconnect-20.08.3/smsapp/gsmasciimap.h
Examining data/kdeconnect-20.08.3/smsapp/smshelper.cpp
Examining data/kdeconnect-20.08.3/smsapp/conversationlistmodel.cpp
Examining data/kdeconnect-20.08.3/smsapp/smshelper.h
Examining data/kdeconnect-20.08.3/smsapp/smscharcount.h
Examining data/kdeconnect-20.08.3/cli/kdeconnect-cli.cpp
Examining data/kdeconnect-20.08.3/kcm/kcm.cpp
Examining data/kdeconnect-20.08.3/kcm/kcm.h
Examining data/kdeconnect-20.08.3/tests/testdevice.h
Examining data/kdeconnect-20.08.3/tests/networkpackettests.h
Examining data/kdeconnect-20.08.3/tests/testdevice.cpp
Examining data/kdeconnect-20.08.3/tests/pluginloadtest.cpp
Examining data/kdeconnect-20.08.3/tests/testdaemon.h
Examining data/kdeconnect-20.08.3/tests/testprivatedbus.cpp
Examining data/kdeconnect-20.08.3/tests/testsmshelper.cpp
Examining data/kdeconnect-20.08.3/tests/sendfiletest.cpp
Examining data/kdeconnect-20.08.3/tests/testsocketlinereader.cpp
Examining data/kdeconnect-20.08.3/urlhandler/kdeconnect-handler.cpp
Examining data/kdeconnect-20.08.3/kcmplugin/kdeconnectpluginkcm.cpp
Examining data/kdeconnect-20.08.3/kcmplugin/kdeconnectpluginkcm.h
Examining data/kdeconnect-20.08.3/kio/kiokdeconnect.h
Examining data/kdeconnect-20.08.3/kio/kiokdeconnect.cpp
Examining data/kdeconnect-20.08.3/app/main.cpp
Examining data/kdeconnect-20.08.3/declarativeplugin/kdeconnectdeclarativeplugin.h
Examining data/kdeconnect-20.08.3/declarativeplugin/objectfactory.cpp
Examining data/kdeconnect-20.08.3/declarativeplugin/objectfactory.h
Examining data/kdeconnect-20.08.3/declarativeplugin/responsewaiter.cpp
Examining data/kdeconnect-20.08.3/declarativeplugin/kdeconnectdeclarativeplugin.cpp
Examining data/kdeconnect-20.08.3/declarativeplugin/responsewaiter.h
Examining data/kdeconnect-20.08.3/settings/main.cpp
Examining data/kdeconnect-20.08.3/core/notificationserverinfo.cpp
Examining data/kdeconnect-20.08.3/core/kdeconnectpluginconfig.cpp
Examining data/kdeconnect-20.08.3/core/networkpacket.cpp
Examining data/kdeconnect-20.08.3/core/daemon.cpp
Examining data/kdeconnect-20.08.3/core/kdeconnectplugin.h
Examining data/kdeconnect-20.08.3/core/networkpackettypes.h
Examining data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp
Examining data/kdeconnect-20.08.3/core/daemon.h
Examining data/kdeconnect-20.08.3/core/filetransferjob.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/compositeuploadjob.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/server.h
Examining data/kdeconnect-20.08.3/core/backends/lan/uploadjob.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/lanpairinghandler.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/uploadjob.h
Examining data/kdeconnect-20.08.3/core/backends/lan/landevicelink.h
Examining data/kdeconnect-20.08.3/core/backends/lan/lanlinkprovider.h
Examining data/kdeconnect-20.08.3/core/backends/lan/socketlinereader.h
Examining data/kdeconnect-20.08.3/core/backends/lan/socketlinereader.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/landevicelink.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/compositeuploadjob.h
Examining data/kdeconnect-20.08.3/core/backends/lan/lanlinkprovider.cpp
Examining data/kdeconnect-20.08.3/core/backends/lan/lanpairinghandler.h
Examining data/kdeconnect-20.08.3/core/backends/lan/server.cpp
Examining data/kdeconnect-20.08.3/core/backends/linkprovider.cpp
Examining data/kdeconnect-20.08.3/core/backends/pairinghandler.h
Examining data/kdeconnect-20.08.3/core/backends/pairinghandler.cpp
Examining data/kdeconnect-20.08.3/core/backends/devicelink.h
Examining data/kdeconnect-20.08.3/core/backends/linkprovider.h
Examining data/kdeconnect-20.08.3/core/backends/devicelinereader.cpp
Examining data/kdeconnect-20.08.3/core/backends/devicelinereader.h
Examining data/kdeconnect-20.08.3/core/backends/devicelink.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothlinkprovider.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothpairinghandler.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothuploadjob.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothdownloadjob.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothuploadjob.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothdownloadjob.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothlinkprovider.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/multiplexchannelstate.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothdevicelink.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/connectionmultiplexer.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/multiplexchannel.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothdevicelink.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothpairinghandler.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/connectionmultiplexer.cpp
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/multiplexchannelstate.h
Examining data/kdeconnect-20.08.3/core/backends/bluetooth/multiplexchannel.h
Examining data/kdeconnect-20.08.3/core/backends/loopback/loopbacklinkprovider.h
Examining data/kdeconnect-20.08.3/core/backends/loopback/loopbacklinkprovider.cpp
Examining data/kdeconnect-20.08.3/core/backends/loopback/loopbackdevicelink.cpp
Examining data/kdeconnect-20.08.3/core/backends/loopback/loopbackdevicelink.h
Examining data/kdeconnect-20.08.3/core/kdeconnectpluginconfig.h
Examining data/kdeconnect-20.08.3/core/compositefiletransferjob.cpp
Examining data/kdeconnect-20.08.3/core/kdeconnectconfig.h
Examining data/kdeconnect-20.08.3/core/notificationserverinfo.h
Examining data/kdeconnect-20.08.3/core/core_debug.cpp
Examining data/kdeconnect-20.08.3/core/device.h
Examining data/kdeconnect-20.08.3/core/kdeconnectplugin.cpp
Examining data/kdeconnect-20.08.3/core/pluginloader.h
Examining data/kdeconnect-20.08.3/core/device.cpp
Examining data/kdeconnect-20.08.3/core/pluginloader.cpp
Examining data/kdeconnect-20.08.3/core/networkpacket.h
Examining data/kdeconnect-20.08.3/core/dbushelper.cpp
Examining data/kdeconnect-20.08.3/core/filetransferjob.h
Examining data/kdeconnect-20.08.3/core/compositefiletransferjob.h
Examining data/kdeconnect-20.08.3/core/core_debug.h
Examining data/kdeconnect-20.08.3/core/qtcompat_p.h
Examining data/kdeconnect-20.08.3/interfaces/notificationsmodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/remotecommandsmodel.h
Examining data/kdeconnect-20.08.3/interfaces/conversationmessage.cpp
Examining data/kdeconnect-20.08.3/interfaces/devicespluginfilterproxymodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/remotesinksmodel.h
Examining data/kdeconnect-20.08.3/interfaces/dbushelpers.h
Examining data/kdeconnect-20.08.3/interfaces/modeltest.cpp
Examining data/kdeconnect-20.08.3/interfaces/remotecommandsmodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/devicespluginfilterproxymodel.h
Examining data/kdeconnect-20.08.3/interfaces/dbusinterfaces.cpp
Examining data/kdeconnect-20.08.3/interfaces/devicessortproxymodel.h
Examining data/kdeconnect-20.08.3/interfaces/devicesmodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/dbusinterfaces.h
Examining data/kdeconnect-20.08.3/interfaces/remotesinksmodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/notificationsmodel.h
Examining data/kdeconnect-20.08.3/interfaces/conversationmessage.h
Examining data/kdeconnect-20.08.3/interfaces/devicessortproxymodel.cpp
Examining data/kdeconnect-20.08.3/interfaces/modeltest.h
Examining data/kdeconnect-20.08.3/interfaces/devicesmodel.h
Examining data/kdeconnect-20.08.3/fileitemactionplugin/sendfileitemaction.h
Examining data/kdeconnect-20.08.3/fileitemactionplugin/sendfileitemaction.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notifyingapplication.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/sendnotifications_config.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/sendnotifications_config.h
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notifyingapplicationmodel.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notificationslistener.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/sendnotificationsplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notifyingapplicationmodel.h
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notifyingapplication.h
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/sendnotificationsplugin.h
Examining data/kdeconnect-20.08.3/plugins/sendnotifications/notificationslistener.h
Examining data/kdeconnect-20.08.3/plugins/notifications/notificationsplugin.h
Examining data/kdeconnect-20.08.3/plugins/notifications/notificationsdbusinterface.cpp
Examining data/kdeconnect-20.08.3/plugins/notifications/notification.h
Examining data/kdeconnect-20.08.3/plugins/notifications/sendreplydialog.h
Examining data/kdeconnect-20.08.3/plugins/notifications/sendreplydialog.cpp
Examining data/kdeconnect-20.08.3/plugins/notifications/notificationsdbusinterface.h
Examining data/kdeconnect-20.08.3/plugins/notifications/notification.cpp
Examining data/kdeconnect-20.08.3/plugins/notifications/notificationsplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/remotecommands/remotecommandsplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/remotecommands/remotecommandsplugin.h
Examining data/kdeconnect-20.08.3/plugins/presenter/presenterplugin.h
Examining data/kdeconnect-20.08.3/plugins/presenter/presenterplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/windowsremoteinput.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/abstractremoteinput.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/mousepadplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/macosremoteinput.h
Examining data/kdeconnect-20.08.3/plugins/mousepad/waylandremoteinput.h
Examining data/kdeconnect-20.08.3/plugins/mousepad/mousepadplugin.h
Examining data/kdeconnect-20.08.3/plugins/mousepad/abstractremoteinput.h
Examining data/kdeconnect-20.08.3/plugins/mousepad/waylandremoteinput.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/windowsremoteinput.h
Examining data/kdeconnect-20.08.3/plugins/mousepad/x11remoteinput.cpp
Examining data/kdeconnect-20.08.3/plugins/mousepad/x11remoteinput.h
Examining data/kdeconnect-20.08.3/plugins/contacts/contactsplugin.h
Examining data/kdeconnect-20.08.3/plugins/contacts/contactsplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/lockdevice/lockdeviceplugin.h
Examining data/kdeconnect-20.08.3/plugins/lockdevice/lockdeviceplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/sms/smsplugin.h
Examining data/kdeconnect-20.08.3/plugins/sms/conversationsdbusinterface.cpp
Examining data/kdeconnect-20.08.3/plugins/sms/smsplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/sms/requestconversationworker.h
Examining data/kdeconnect-20.08.3/plugins/sms/conversationsdbusinterface.h
Examining data/kdeconnect-20.08.3/plugins/sms/requestconversationworker.cpp
Examining data/kdeconnect-20.08.3/plugins/bigscreen/bigscreenplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/bigscreen/bigscreenplugin.h
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayermediaplayer2.h
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayer.cpp
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayermediaplayer2player.h
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayermediaplayer2player.cpp
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayermediaplayer2.cpp
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplayer.h
Examining data/kdeconnect-20.08.3/plugins/mprisremote/mprisremoteplugin.h
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusicplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusicplugin.h
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusic_config.h
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusicplugin-win.h
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusic_config.cpp
Examining data/kdeconnect-20.08.3/plugins/pausemusic/pausemusicplugin-win.cpp
Examining data/kdeconnect-20.08.3/plugins/clipboard/clipboardplugin.h
Examining data/kdeconnect-20.08.3/plugins/clipboard/clipboardplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/clipboard/clipboardlistener.cpp
Examining data/kdeconnect-20.08.3/plugins/clipboard/clipboardlistener.h
Examining data/kdeconnect-20.08.3/plugins/photo/photoplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/photo/photoplugin.h
Examining data/kdeconnect-20.08.3/plugins/remotesystemvolume/remotesystemvolumeplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/remotesystemvolume/remotesystemvolumeplugin.h
Examining data/kdeconnect-20.08.3/plugins/sftp/sftpplugin-win.cpp
Examining data/kdeconnect-20.08.3/plugins/sftp/sftpplugin-win.h
Examining data/kdeconnect-20.08.3/plugins/sftp/mountloop.h
Examining data/kdeconnect-20.08.3/plugins/sftp/sftpplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/sftp/mounter.h
Examining data/kdeconnect-20.08.3/plugins/sftp/mountloop.cpp
Examining data/kdeconnect-20.08.3/plugins/sftp/sftpplugin.h
Examining data/kdeconnect-20.08.3/plugins/sftp/mounter.cpp
Examining data/kdeconnect-20.08.3/plugins/battery/batterydbusinterface.cpp
Examining data/kdeconnect-20.08.3/plugins/battery/batterydbusinterface.h
Examining data/kdeconnect-20.08.3/plugins/battery/batteryplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/battery/batteryplugin.h
Examining data/kdeconnect-20.08.3/plugins/remotekeyboard/remotekeyboardplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/remotekeyboard/remotekeyboardplugin.h
Examining data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/share/shareplugin.h
Examining data/kdeconnect-20.08.3/plugins/share/share_config.h
Examining data/kdeconnect-20.08.3/plugins/share/share_config.cpp
Examining data/kdeconnect-20.08.3/plugins/ping/pingplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/ping/pingplugin.h
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-win.h
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-macos.h
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-win.cpp
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-pulse.cpp
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-macos.cpp
Examining data/kdeconnect-20.08.3/plugins/systemvolume/systemvolumeplugin-pulse.h
Examining data/kdeconnect-20.08.3/plugins/mpriscontrol/mpriscontrolplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/mpriscontrol/mpriscontrolplugin.h
Examining data/kdeconnect-20.08.3/plugins/mpriscontrol/mpriscontrolplugin-win.h
Examining data/kdeconnect-20.08.3/plugins/mpriscontrol/mpriscontrolplugin-win.cpp
Examining data/kdeconnect-20.08.3/plugins/findmyphone/findmyphoneplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/findmyphone/findmyphoneplugin.h
Examining data/kdeconnect-20.08.3/plugins/remotecontrol/remotecontrolplugin.h
Examining data/kdeconnect-20.08.3/plugins/remotecontrol/remotecontrolplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin.h
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin-macos.h
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin-macos.cpp
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin-win.cpp
Examining data/kdeconnect-20.08.3/plugins/screensaver-inhibit/screensaverinhibitplugin-win.h
Examining data/kdeconnect-20.08.3/plugins/telephony/telephonyplugin.h
Examining data/kdeconnect-20.08.3/plugins/telephony/telephonyplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/findthisdevice/findthisdeviceplugin.h
Examining data/kdeconnect-20.08.3/plugins/findthisdevice/findthisdevice_config.h
Examining data/kdeconnect-20.08.3/plugins/findthisdevice/findthisdevice_config.cpp
Examining data/kdeconnect-20.08.3/plugins/findthisdevice/findthisdeviceplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/runcommand/runcommand_config.cpp
Examining data/kdeconnect-20.08.3/plugins/runcommand/runcommand_config.h
Examining data/kdeconnect-20.08.3/plugins/runcommand/runcommandplugin.cpp
Examining data/kdeconnect-20.08.3/plugins/runcommand/runcommandplugin.h
Examining data/kdeconnect-20.08.3/indicator/deviceindicator.h
Examining data/kdeconnect-20.08.3/indicator/deviceindicator.cpp
Examining data/kdeconnect-20.08.3/indicator/indicatorhelper_win.cpp
Examining data/kdeconnect-20.08.3/indicator/indicatorhelper_mac.cpp
Examining data/kdeconnect-20.08.3/indicator/indicatorhelper.cpp
Examining data/kdeconnect-20.08.3/indicator/indicatorhelper.h
Examining data/kdeconnect-20.08.3/indicator/main.cpp
Examining data/kdeconnect-20.08.3/indicator/serviceregister_mac.h
FINAL RESULTS:
data/kdeconnect-20.08.3/cli/kdeconnect-cli.cpp:296:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(in.open(stdin,QIODevice::ReadOnly | QIODevice::Unbuffered)) {
data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothuploadjob.cpp:47:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mData->open(QIODevice::ReadOnly)) {
data/kdeconnect-20.08.3/core/backends/bluetooth/multiplexchannel.cpp:26:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QIODevice::open(QIODevice::ReadWrite);
data/kdeconnect-20.08.3/core/backends/lan/uploadjob.cpp:46:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_input->open(QIODevice::ReadOnly)) {
data/kdeconnect-20.08.3/core/backends/loopback/loopbackdevicelink.cpp:43:35: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool b = input.payload()->open(QIODevice::ReadOnly);
data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp:227:37: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (privKey.exists() && privKey.open(QIODevice::ReadOnly)) {
data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp:254:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (cert.exists() && cert.open(QIODevice::ReadOnly)) {
data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp:285:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!privKey.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp:330:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!cert.open(QIODevice::ReadWrite | QIODevice::Truncate)) {
data/kdeconnect-20.08.3/core/kdeconnectconfig.cpp:358:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!dbusAddressFile.open(QFile::ReadOnly | QFile::Text)) {
data/kdeconnect-20.08.3/plugins/contacts/contactsplugin.cpp:119:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!vcardFile.open(QIODevice::ReadOnly)) {
data/kdeconnect-20.08.3/plugins/contacts/contactsplugin.cpp:172:42: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool vcardFileOpened = vcardFile.open(QIODevice::WriteOnly); // Want to smash anything that might have already been there
data/kdeconnect-20.08.3/plugins/findthisdevice/findthisdeviceplugin.h:60:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t infoBuf[INFO_BUFFER_SIZE];
data/kdeconnect-20.08.3/plugins/mousepad/x11remoteinput.cpp:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char map[20];
data/kdeconnect-20.08.3/plugins/sendnotifications/notificationslistener.cpp:155:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!buffer || !buffer->open(QIODevice::WriteOnly) ||
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:89:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!receivedFile.exists() || !receivedFile.open(QIODevice::ReadWrite | QIODevice::Text)) {
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:134:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(job, &KJob::result, this, [this, dateModified, open] (KJob* job) -> void { finished(job, dateModified, open); });
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:134:124: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
connect(job, &KJob::result, this, [this, dateModified, open] (KJob* job) -> void { finished(job, dateModified, open); });
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:142:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:161:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile.open();
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:180:77: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void SharePlugin::finished(KJob* job, const qint64 dateModified, const bool open)
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:187:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open) {
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:200:50: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void SharePlugin::shareUrl(const QUrl& url, bool open)
data/kdeconnect-20.08.3/plugins/share/shareplugin.cpp:212:54: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
packet.set<bool>(QStringLiteral("open"), open);
data/kdeconnect-20.08.3/plugins/share/shareplugin.h:58:68: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void finished(KJob* job, const qint64 dateModified, const bool open);
data/kdeconnect-20.08.3/plugins/share/shareplugin.h:59:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void shareUrl(const QUrl& url, bool open);
data/kdeconnect-20.08.3/tests/sendfiletest.cpp:76:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
temp.open();
data/kdeconnect-20.08.3/tests/sendfiletest.cpp:92:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::ReadOnly));
data/kdeconnect-20.08.3/tests/sendfiletest.cpp:124:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f->open(QIODevice::ReadWrite);
data/kdeconnect-20.08.3/tests/sendfiletest.cpp:143:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(resultFile.open(QIODevice::ReadOnly));
data/kdeconnect-20.08.3/tests/sendfiletest.cpp:144:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(originFile.open(QIODevice::ReadOnly));
data/kdeconnect-20.08.3/urlhandler/kdeconnect-handler.cpp:60:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open;
data/kdeconnect-20.08.3/urlhandler/kdeconnect-handler.cpp:94:44: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if (urlToShare.isLocalFile() && open) {
data/kdeconnect-20.08.3/urlhandler/kdeconnect-handler.cpp:112:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
const QString action = open && url.isLocalFile() ? QStringLiteral("openFile") : QStringLiteral("shareUrl");
data/kdeconnect-20.08.3/core/backends/bluetooth/bluetoothuploadjob.cpp:60:50: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int bytesWritten = mSocket->write(mData->read(bytes));
data/kdeconnect-20.08.3/core/backends/bluetooth/connectionmultiplexer.cpp:118:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray header = mSocket->read(19);
data/kdeconnect-20.08.3/core/backends/bluetooth/connectionmultiplexer.cpp:137:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray data = mSocket->read(message_length);
data/kdeconnect-20.08.3/core/backends/lan/uploadjob.cpp:72:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytesUploading = m_socket->write(m_input->read(bytesToSend));
data/kdeconnect-20.08.3/interfaces/conversationmessage.cpp:48:77: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const qint32& type, const qint32& read,
data/kdeconnect-20.08.3/interfaces/conversationmessage.cpp:57:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
, m_read(read)
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:63:79: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const qint64& date, const qint32& type, const qint32& read,
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:77:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint32 read() const { return m_read; }
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:169:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
<< message.read()
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:184:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
qint32 read;
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:195:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
argument >> read;
data/kdeconnect-20.08.3/interfaces/conversationmessage.h:201:71: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
message = ConversationMessage(event, body, addresses, date, type, read, threadID, uID, m_subID);
ANALYSIS SUMMARY:
Hits = 46
Lines analyzed = 28786 in approximately 0.98 seconds (29365 lines/second)
Physical Source Lines of Code (SLOC) = 17739
Hits@level = [0] 1 [1] 12 [2] 34 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 47 [1+] 46 [2+] 34 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.64953 [1+] 2.59316 [2+] 1.91668 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.