Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kgeography-20.08.3/src/boxasker.h
Examining data/kgeography-20.08.3/src/kgeography.h
Examining data/kgeography-20.08.3/src/mapchooser.cpp
Examining data/kgeography-20.08.3/src/division.h
Examining data/kgeography-20.08.3/src/kgeography.cpp
Examining data/kgeography-20.08.3/src/popupmanager.h
Examining data/kgeography-20.08.3/src/flagdivisionasker.cpp
Examining data/kgeography-20.08.3/src/map.h
Examining data/kgeography-20.08.3/src/divisioncapitalasker.cpp
Examining data/kgeography-20.08.3/src/capitaldivisionasker.h
Examining data/kgeography-20.08.3/src/askwidget.cpp
Examining data/kgeography-20.08.3/src/mypopup.cpp
Examining data/kgeography-20.08.3/src/mypopup.h
Examining data/kgeography-20.08.3/src/placemapwidget.h
Examining data/kgeography-20.08.3/src/integerinputdialog.cpp
Examining data/kgeography-20.08.3/src/answer.h
Examining data/kgeography-20.08.3/src/divisionflagasker.h
Examining data/kgeography-20.08.3/src/map.cpp
Examining data/kgeography-20.08.3/src/mapwidget.h
Examining data/kgeography-20.08.3/src/answersdialog.h
Examining data/kgeography-20.08.3/src/popupmanager.cpp
Examining data/kgeography-20.08.3/src/placeasker.cpp
Examining data/kgeography-20.08.3/src/mapchooser.h
Examining data/kgeography-20.08.3/src/capitaldivisionasker.cpp
Examining data/kgeography-20.08.3/src/boxasker.cpp
Examining data/kgeography-20.08.3/src/answer.cpp
Examining data/kgeography-20.08.3/src/main.cpp
Examining data/kgeography-20.08.3/src/divisioncapitalasker.h
Examining data/kgeography-20.08.3/src/placemapwidget.cpp
Examining data/kgeography-20.08.3/src/mapparser.h
Examining data/kgeography-20.08.3/src/answersdialog.cpp
Examining data/kgeography-20.08.3/src/division.cpp
Examining data/kgeography-20.08.3/src/mapasker.cpp
Examining data/kgeography-20.08.3/src/mapasker.h
Examining data/kgeography-20.08.3/src/divisionflagasker.cpp
Examining data/kgeography-20.08.3/src/flagdivisionasker.h
Examining data/kgeography-20.08.3/src/mapwidget.cpp
Examining data/kgeography-20.08.3/src/integerinputdialog.h
Examining data/kgeography-20.08.3/src/placeasker.h
Examining data/kgeography-20.08.3/src/askwidget.h
Examining data/kgeography-20.08.3/src/mapparser.cpp

FINAL RESULTS:

data/kgeography-20.08.3/src/mapasker.cpp:29:34: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  QLocale systemLocale = QLocale::system();
data/kgeography-20.08.3/src/boxasker.cpp:196:50: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  p_position = (int)((float)NB_CHOICES * KRandom::random() / (RAND_MAX + 1.0));
data/kgeography-20.08.3/src/divisioncapitalasker.cpp:44:63: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  int random = (int)((float)falseCapitals.size() * KRandom::random() / (RAND_MAX + 1.0));
data/kgeography-20.08.3/src/divisioncapitalasker.cpp:45:45: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  QString falseCapital = falseCapitals.at(random);
data/kgeography-20.08.3/src/divisioncapitalasker.cpp:46:28: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  falseCapitals.removeAt(random);
data/kgeography-20.08.3/src/map.cpp:157:53: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  int i = (int)((float)p_divisions.size() * KRandom::random() / (RAND_MAX + 1.0));
data/kgeography-20.08.3/src/mapasker.cpp:238:37: [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  int o = int(float(i) * KRandom::random() / (RAND_MAX + 1.0));
data/kgeography-20.08.3/src/kgeography.cpp:108:32: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  QAction *a = KStandardAction::open(this, SLOT(openMap()), actionCollection());
data/kgeography-20.08.3/src/mapparser.cpp:36:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (xmlFile.open(QIODevice::ReadOnly))

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 4697 in approximately 0.27 seconds (17542 lines/second)
Physical Source Lines of Code (SLOC) = 3469
Hits@level = [0] 0 [1] 0 [2] 2 [3] 6 [4] 1 [5] 0
Hits@level+ = [0+] 9 [1+] 9 [2+] 9 [3+] 7 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.59441 [1+] 2.59441 [2+] 2.59441 [3+] 2.01787 [4+] 0.288268 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.