Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:
data/kitinerary-20.08.2/autotests/bcbpparsertest.cpp:61:19: [2] (misc) open: Check when opening files - 
can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/berencodertest.cpp:41:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(buffer.open(QIODevice::WriteOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:59:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:119:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:141:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:92:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(inFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:96:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (cf.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/autotests/extractortest.cpp:154:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:160:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:164:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(failFile.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:27:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:79:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:92:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:32:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(tmp.open());
data/kitinerary-20.08.2/autotests/filetest.cpp:37:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(out.open(File::Write));
data/kitinerary-20.08.2/autotests/filetest.cpp:41:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(resFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:47:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(passFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:67:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(in.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:109:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(!f.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:111:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(!f.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:115:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(tmp.open());
data/kitinerary-20.08.2/autotests/filetest.cpp:118:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(File::Write));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:23:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:67:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:92:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/jsonlddocumenttest.cpp:35:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/jsonlddocumenttest.cpp:441:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/mergeutiltest.cpp:35:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/pdfdocumenttest.cpp:30:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/pdfdocumenttest.cpp:79:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/pkpassextractortest.cpp:75:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/postprocessortest.cpp:50:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/postprocessortest.cpp:64:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/rct2parsertest.cpp:48:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/rct2parsertest.cpp:59:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/structureddataextractortest.cpp:47:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/structureddataextractortest.cpp:52:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:46:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:53:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:79:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/src/cli/main.cpp:153:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/cli/main.cpp:158:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(stdin, QFile::ReadOnly);
data/kitinerary-20.08.2/src/extractorengine.cpp:644:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/extractorrepository.cpp:274:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/file.cpp:67:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool File::open(File::OpenMode mode) const
data/kitinerary-20.08.2/src/file.cpp:75:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!d->zipFile->open(mode == File::Write ? QIODevice::WriteOnly : QIODevice::ReadOnly)) {
data/kitinerary-20.08.2/src/file.h:59:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(OpenMode mode) const;
data/kitinerary-20.08.2/src/knowledgedb-generator/main.cpp:33:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!out.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/osmairportdb.cpp:25:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/timezones.cpp:21:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!zoneTab.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.cpp:45:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cacheFile.open(QFile::ReadOnly);
data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.cpp:67:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  cacheFile.open(QFile::WriteOnly);
data/kitinerary-20.08.2/src/knowledgedb/alphaid.h:38:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  inline explicit constexpr AlphaId(const char s[N])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.cpp:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[4];
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.cpp:47:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, id.toUpper().toUtf8().constData(), id.size());
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:77:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  inline explicit constexpr SncfStationId(const char s[5])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:85:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline constexpr uint32_t fromChars(const char s[5])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:98:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  inline explicit constexpr VRStationCode(const char s[4])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:109:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static inline constexpr uint32_t fromChars(const char s[4])
data/kitinerary-20.08.2/src/uic9183/uic9183parser.cpp:48:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Uic9183Block Uic9183Parser::findBlock(const char name[6]) const
data/kitinerary-20.08.2/src/uic9183/uic9183parser.h:91:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Uic9183Block findBlock(const char name[6]) const;
data/kitinerary-20.08.2/src/uic9183/vendor0080block.cpp:135:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Vendor0080BLSubBlock Vendor0080BLBlock::findSubBlock(const char id[3]) const
data/kitinerary-20.08.2/src/uic9183/vendor0080block.h:57:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  Vendor0080BLSubBlock findSubBlock(const char id[3]) const;
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:59:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f.open(QFile::WriteOnly);
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:66:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!qrc.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:81:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:96:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) { data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:106:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::WriteOnly)) { data/kitinerary-20.08.2/src/vdv/vdvcertificate.cpp:182:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:73:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char region[2]; data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[3]; data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[5]; data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[6]; data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:214:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char identifier[3]; data/kitinerary-20.08.2/src/barcodedecoder.cpp:158:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const auto res = reader.read(binarizer); data/kitinerary-20.08.2/src/extractorinput.cpp:34:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const auto len = std::strlen(str); data/kitinerary-20.08.2/src/extractorpostprocessor.cpp:422:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). person.setName(person.name().mid(strlen(prefix))); data/kitinerary-20.08.2/src/jsonlddocument.cpp:501:74: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const auto enumIdx = mo->indexOfEnumerator(prop.typeName() + strlen(mo->className()) + 2); ANALYSIS SUMMARY: Hits = 78 Lines analyzed = 219522 in approximately 9.37 seconds (23434 lines/second) Physical Source Lines of Code (SLOC) = 212304 Hits@level = [0] 0 [1] 4 [2] 74 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 78 [1+] 78 [2+] 74 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 0.367398 [1+] 0.367398 [2+] 0.348557 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.