Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kitinerary-20.08.2/autotests/extractorutiltest.cpp
Examining data/kitinerary-20.08.2/autotests/structureddataextractortest.cpp
Examining data/kitinerary-20.08.2/autotests/postprocessortest.cpp
Examining data/kitinerary-20.08.2/autotests/bcbpparsertest.cpp
Examining data/kitinerary-20.08.2/autotests/pdfdocumenttest.cpp
Examining data/kitinerary-20.08.2/autotests/mergeutiltest.cpp
Examining data/kitinerary-20.08.2/autotests/berencodertest.cpp
Examining data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp
Examining data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp
Examining data/kitinerary-20.08.2/autotests/jsonlddocumenttest.cpp
Examining data/kitinerary-20.08.2/autotests/knowledgedbtest.cpp
Examining data/kitinerary-20.08.2/autotests/filetest.cpp
Examining data/kitinerary-20.08.2/autotests/datatypestest.cpp
Examining data/kitinerary-20.08.2/autotests/locationutiltest.cpp
Examining data/kitinerary-20.08.2/autotests/extractortest.cpp
Examining data/kitinerary-20.08.2/autotests/pkpassextractortest.cpp
Examining data/kitinerary-20.08.2/autotests/berdecodertest.cpp
Examining data/kitinerary-20.08.2/autotests/airportdbtest.cpp
Examining data/kitinerary-20.08.2/autotests/documentutiltest.cpp
Examining data/kitinerary-20.08.2/autotests/bitarraytest.cpp
Examining data/kitinerary-20.08.2/autotests/stringutiltest.cpp
Examining data/kitinerary-20.08.2/autotests/barcodedecodertest.cpp
Examining data/kitinerary-20.08.2/autotests/vdvtickettest.cpp
Examining data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp
Examining data/kitinerary-20.08.2/autotests/extractorrepositorytest.cpp
Examining data/kitinerary-20.08.2/autotests/jsapitest.cpp
Examining data/kitinerary-20.08.2/autotests/rct2parsertest.cpp
Examining data/kitinerary-20.08.2/autotests/extractorinputtest.cpp
Examining data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp
Examining data/kitinerary-20.08.2/src/documentutil.cpp
Examining data/kitinerary-20.08.2/src/htmldocument.h
Examining data/kitinerary-20.08.2/src/jsonlddocument.h
Examining data/kitinerary-20.08.2/src/stringutil.cpp
Examining data/kitinerary-20.08.2/src/extractorrepository.cpp
Examining data/kitinerary-20.08.2/src/extractorpostprocessor.h
Examining data/kitinerary-20.08.2/src/calendarhandler.cpp
Examining data/kitinerary-20.08.2/src/vdv/vdvticketparser.h
Examining data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp
Examining data/kitinerary-20.08.2/src/vdv/iso9796_2decoder_p.h
Examining data/kitinerary-20.08.2/src/vdv/vdvcertificate_p.h
Examining data/kitinerary-20.08.2/src/vdv/vdvticketparser.cpp
Examining data/kitinerary-20.08.2/src/vdv/vdvcertificate.cpp
Examining data/kitinerary-20.08.2/src/vdv/iso9796_2decoder.cpp
Examining data/kitinerary-20.08.2/src/vdv/vdvdata_p.h
Examining data/kitinerary-20.08.2/src/vdv/vdvticket.h
Examining data/kitinerary-20.08.2/src/vdv/vdvticket.cpp
Examining data/kitinerary-20.08.2/src/extractorcapabilities.h
Examining data/kitinerary-20.08.2/src/jsonlddocument.cpp
Examining data/kitinerary-20.08.2/src/jsonldimportfilter.h
Examining data/kitinerary-20.08.2/src/flightpostprocessor_p.h
Examining data/kitinerary-20.08.2/src/htmldocument.cpp
Examining data/kitinerary-20.08.2/src/qimagepurebinarizer.h
Examining data/kitinerary-20.08.2/src/pdf/pdfvectorpicture.cpp
Examining data/kitinerary-20.08.2/src/pdf/pdfvectorpicture_p.h
Examining data/kitinerary-20.08.2/src/pdf/pdfextractoroutputdevice_p.h
Examining data/kitinerary-20.08.2/src/pdf/popplerutils_p.h
Examining data/kitinerary-20.08.2/src/pdf/popplerglobalparams_p.h
Examining data/kitinerary-20.08.2/src/pdf/popplertypes_p.h
Examining data/kitinerary-20.08.2/src/pdf/pdfimage_p.h
Examining data/kitinerary-20.08.2/src/pdf/pdfimage.h
Examining data/kitinerary-20.08.2/src/pdf/pdfimage.cpp
Examining data/kitinerary-20.08.2/src/pdf/popplerglobalparams.cpp
Examining data/kitinerary-20.08.2/src/pdf/pdfdocument.h
Examining data/kitinerary-20.08.2/src/pdf/pdfdocument.cpp
Examining data/kitinerary-20.08.2/src/pdf/pdfextractoroutputdevice.cpp
Examining data/kitinerary-20.08.2/src/pdf/pdfdocument_p.h
Examining data/kitinerary-20.08.2/src/pdf/popplerutils.cpp
Examining data/kitinerary-20.08.2/src/tlv/berelement.cpp
Examining data/kitinerary-20.08.2/src/tlv/berelement_p.h
Examining data/kitinerary-20.08.2/src/cli/main.cpp
Examining data/kitinerary-20.08.2/src/documentutil.h
Examining data/kitinerary-20.08.2/src/extractor.h
Examining data/kitinerary-20.08.2/src/jsonldimportfilter.cpp
Examining data/kitinerary-20.08.2/src/jsapi/bitarray.cpp
Examining data/kitinerary-20.08.2/src/jsapi/bitarray.h
Examining data/kitinerary-20.08.2/src/jsapi/jsonld.cpp
Examining data/kitinerary-20.08.2/src/jsapi/barcode.cpp
Examining data/kitinerary-20.08.2/src/jsapi/jsonld.h
Examining data/kitinerary-20.08.2/src/jsapi/context.cpp
Examining data/kitinerary-20.08.2/src/jsapi/barcode.h
Examining data/kitinerary-20.08.2/src/jsapi/context.h
Examining data/kitinerary-20.08.2/src/extractorfilter.h
Examining data/kitinerary-20.08.2/src/stringutil.h
Examining data/kitinerary-20.08.2/src/locationutil.cpp
Examining data/kitinerary-20.08.2/src/extractorpostprocessor.cpp
Examining data/kitinerary-20.08.2/src/barcodedecoder.cpp
Examining data/kitinerary-20.08.2/src/extractorcapabilities.cpp
Examining data/kitinerary-20.08.2/src/mergeutil.cpp
Examining data/kitinerary-20.08.2/src/extractorutil.cpp
Examining data/kitinerary-20.08.2/src/generic/genericvdvextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/structureddataextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericextractor.cpp
Examining data/kitinerary-20.08.2/src/generic/genericpkpassextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericuic918extractor.cpp
Examining data/kitinerary-20.08.2/src/generic/genericicalextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericpdfextractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericuic918extractor_p.h
Examining data/kitinerary-20.08.2/src/generic/genericpdfextractor.cpp
Examining data/kitinerary-20.08.2/src/generic/structureddataextractor.cpp
Examining data/kitinerary-20.08.2/src/generic/genericicalextractor.cpp
Examining data/kitinerary-20.08.2/src/generic/genericvdvextractor.cpp
Examining data/kitinerary-20.08.2/src/generic/genericpkpassextractor.cpp
Examining data/kitinerary-20.08.2/src/extractorpostprocessor_p.h
Examining data/kitinerary-20.08.2/src/calendarhandler.h
Examining data/kitinerary-20.08.2/src/uic9183/uic9183ticketlayout.cpp
Examining data/kitinerary-20.08.2/src/uic9183/vendor0080block.cpp
Examining data/kitinerary-20.08.2/src/uic9183/uic9183block.cpp
Examining data/kitinerary-20.08.2/src/uic9183/uic9183parser.h
Examining data/kitinerary-20.08.2/src/uic9183/uic9183block.h
Examining data/kitinerary-20.08.2/src/uic9183/rct2ticket.h
Examining data/kitinerary-20.08.2/src/uic9183/uic9183parser.cpp
Examining data/kitinerary-20.08.2/src/uic9183/rct2ticket.cpp
Examining data/kitinerary-20.08.2/src/uic9183/uic9183ticketlayout.h
Examining data/kitinerary-20.08.2/src/uic9183/vendor0080block.h
Examining data/kitinerary-20.08.2/src/extractorvalidator.h
Examining data/kitinerary-20.08.2/src/datatypes/action.cpp
Examining data/kitinerary-20.08.2/src/datatypes/flight.h
Examining data/kitinerary-20.08.2/src/datatypes/traintrip.h
Examining data/kitinerary-20.08.2/src/datatypes/rentalcar.cpp
Examining data/kitinerary-20.08.2/src/datatypes/creativework.cpp
Examining data/kitinerary-20.08.2/src/datatypes/action.h
Examining data/kitinerary-20.08.2/src/datatypes/reservation.cpp
Examining data/kitinerary-20.08.2/src/datatypes/event.cpp
Examining data/kitinerary-20.08.2/src/datatypes/brand.cpp
Examining data/kitinerary-20.08.2/src/datatypes/taxi.cpp
Examining data/kitinerary-20.08.2/src/datatypes/bustrip.cpp
Examining data/kitinerary-20.08.2/src/datatypes/person.h
Examining data/kitinerary-20.08.2/src/datatypes/ticket.cpp
Examining data/kitinerary-20.08.2/src/datatypes/datatypes.h
Examining data/kitinerary-20.08.2/src/datatypes/organization.h
Examining data/kitinerary-20.08.2/src/datatypes/visit.h
Examining data/kitinerary-20.08.2/src/datatypes/place.cpp
Examining data/kitinerary-20.08.2/src/datatypes/taxi.h
Examining data/kitinerary-20.08.2/src/datatypes/visit.cpp
Examining data/kitinerary-20.08.2/src/datatypes/flight.cpp
Examining data/kitinerary-20.08.2/src/datatypes/rentalcar.h
Examining data/kitinerary-20.08.2/src/datatypes/datatypes_p.h
Examining data/kitinerary-20.08.2/src/datatypes/creativework.h
Examining data/kitinerary-20.08.2/src/datatypes/place.h
Examining data/kitinerary-20.08.2/src/datatypes/reservation.h
Examining data/kitinerary-20.08.2/src/datatypes/person.cpp
Examining data/kitinerary-20.08.2/src/datatypes/event.h
Examining data/kitinerary-20.08.2/src/datatypes/traintrip.cpp
Examining data/kitinerary-20.08.2/src/datatypes/organization.cpp
Examining data/kitinerary-20.08.2/src/datatypes/ticket.h
Examining data/kitinerary-20.08.2/src/datatypes/bustrip.h
Examining data/kitinerary-20.08.2/src/datatypes/brand.h
Examining data/kitinerary-20.08.2/src/extractorfilter.cpp
Examining data/kitinerary-20.08.2/src/qimagepurebinarizer.cpp
Examining data/kitinerary-20.08.2/src/mergeutil.h
Examining data/kitinerary-20.08.2/src/extractorengine.h
Examining data/kitinerary-20.08.2/src/extractorengine.cpp
Examining data/kitinerary-20.08.2/src/file.h
Examining data/kitinerary-20.08.2/src/extractorutil.h
Examining data/kitinerary-20.08.2/src/extractor.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/trainstationdbgenerator.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/osmairportdb.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/codegen.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/util.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/timezones.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/countrydbgenerator.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/main.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/codegen.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/airportdbgenerator.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/airportdbgenerator.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/timezonedbgenerator.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/osmairportdb.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/timezonedbgenerator.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/util.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/countrydbgenerator.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/timezones.h
Examining data/kitinerary-20.08.2/src/knowledgedb-generator/trainstationdbgenerator.h
Examining data/kitinerary-20.08.2/src/extractorrepository.h
Examining data/kitinerary-20.08.2/src/extractorinput.cpp
Examining data/kitinerary-20.08.2/src/barcodedecoder.h
Examining data/kitinerary-20.08.2/src/extractorinput.h
Examining data/kitinerary-20.08.2/src/sortutil.h
Examining data/kitinerary-20.08.2/src/osm/geomath.cpp
Examining data/kitinerary-20.08.2/src/osm/xmlparser.h
Examining data/kitinerary-20.08.2/src/osm/datatypes.cpp
Examining data/kitinerary-20.08.2/src/osm/datatypes.h
Examining data/kitinerary-20.08.2/src/osm/xmlparser.cpp
Examining data/kitinerary-20.08.2/src/osm/geomath.h
Examining data/kitinerary-20.08.2/src/osm/element.h
Examining data/kitinerary-20.08.2/src/osm/element.cpp
Examining data/kitinerary-20.08.2/src/file.cpp
Examining data/kitinerary-20.08.2/src/sortutil.cpp
Examining data/kitinerary-20.08.2/src/locationutil.h
Examining data/kitinerary-20.08.2/src/iatabcbpparser.h
Examining data/kitinerary-20.08.2/src/extractorvalidator.cpp
Examining data/kitinerary-20.08.2/src/flightpostprocessor.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/countrydb.h
Examining data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/countrydb.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/timezonedb_p.h
Examining data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h
Examining data/kitinerary-20.08.2/src/knowledgedb/trainstationdb_data.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/timezonedb.h
Examining data/kitinerary-20.08.2/src/knowledgedb/timezonedb_data.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/knowledgedb.h
Examining data/kitinerary-20.08.2/src/knowledgedb/timezone_zindex.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/airportdb.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/alphaid.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/alphaid.h
Examining data/kitinerary-20.08.2/src/knowledgedb/iatacode.h
Examining data/kitinerary-20.08.2/src/knowledgedb/knowledgedb.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/iatacode.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/airportdb_data.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/countrydb_p.h
Examining data/kitinerary-20.08.2/src/knowledgedb/countrydb_data.cpp
Examining data/kitinerary-20.08.2/src/knowledgedb/airportdb_p.h
Examining data/kitinerary-20.08.2/src/knowledgedb/timezonedb_data.h
Examining data/kitinerary-20.08.2/src/knowledgedb/airportdb.h
Examining data/kitinerary-20.08.2/src/knowledgedb/timezonedb.cpp
Examining data/kitinerary-20.08.2/src/iatabcbpparser.cpp
FINAL RESULTS:
data/kitinerary-20.08.2/autotests/bcbpparsertest.cpp:61:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/berencodertest.cpp:41:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(buffer.open(QIODevice::WriteOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:59:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:119:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/calendarhandlertest.cpp:141:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:92:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(inFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:96:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (cf.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/autotests/extractortest.cpp:154:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:160:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractortest.cpp:164:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(failFile.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:27:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:79:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/extractorvalidatortest.cpp:92:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:32:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmp.open());
data/kitinerary-20.08.2/autotests/filetest.cpp:37:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(out.open(File::Write));
data/kitinerary-20.08.2/autotests/filetest.cpp:41:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(resFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:47:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(passFile.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/filetest.cpp:67:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(in.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:109:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(!f.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:111:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(!f.open(File::Read));
data/kitinerary-20.08.2/autotests/filetest.cpp:115:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(tmp.open());
data/kitinerary-20.08.2/autotests/filetest.cpp:118:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(File::Write));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:23:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:67:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/htmldocumenttest.cpp:92:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/jsonlddocumenttest.cpp:35:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/jsonlddocumenttest.cpp:441:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::WriteOnly));
data/kitinerary-20.08.2/autotests/mergeutiltest.cpp:35:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::ReadOnly);
data/kitinerary-20.08.2/autotests/pdfdocumenttest.cpp:30:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/pdfdocumenttest.cpp:79:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/pkpassextractortest.cpp:75:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/postprocessortest.cpp:50:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/postprocessortest.cpp:64:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/rct2parsertest.cpp:48:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/rct2parsertest.cpp:59:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/structureddataextractortest.cpp:47:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/structureddataextractortest.cpp:52:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:46:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:53:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(ref.open(QFile::ReadOnly));
data/kitinerary-20.08.2/autotests/uic9183parsertest.cpp:79:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(f.open(QFile::ReadOnly));
data/kitinerary-20.08.2/src/cli/main.cpp:153:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/cli/main.cpp:158:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(stdin, QFile::ReadOnly);
data/kitinerary-20.08.2/src/extractorengine.cpp:644:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/extractorrepository.cpp:274:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/file.cpp:67:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool File::open(File::OpenMode mode) const
data/kitinerary-20.08.2/src/file.cpp:75:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d->zipFile->open(mode == File::Write ? QIODevice::WriteOnly : QIODevice::ReadOnly)) {
data/kitinerary-20.08.2/src/file.h:59:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(OpenMode mode) const;
data/kitinerary-20.08.2/src/knowledgedb-generator/main.cpp:33:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!out.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/osmairportdb.cpp:25:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/timezones.cpp:21:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!zoneTab.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.cpp:45:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cacheFile.open(QFile::ReadOnly);
data/kitinerary-20.08.2/src/knowledgedb-generator/wikidata.cpp:67:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cacheFile.open(QFile::WriteOnly);
data/kitinerary-20.08.2/src/knowledgedb/alphaid.h:38:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inline explicit constexpr AlphaId(const char s[N])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.cpp:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.cpp:47:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, id.toUpper().toUtf8().constData(), id.size());
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:77:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inline explicit constexpr SncfStationId(const char s[5])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:85:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inline constexpr uint32_t fromChars(const char s[5])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:98:51: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
inline explicit constexpr VRStationCode(const char s[4])
data/kitinerary-20.08.2/src/knowledgedb/trainstationdb.h:109:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inline constexpr uint32_t fromChars(const char s[4])
data/kitinerary-20.08.2/src/uic9183/uic9183parser.cpp:48:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Uic9183Block Uic9183Parser::findBlock(const char name[6]) const
data/kitinerary-20.08.2/src/uic9183/uic9183parser.h:91:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Uic9183Block findBlock(const char name[6]) const;
data/kitinerary-20.08.2/src/uic9183/vendor0080block.cpp:135:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Vendor0080BLSubBlock Vendor0080BLBlock::findSubBlock(const char id[3]) const
data/kitinerary-20.08.2/src/uic9183/vendor0080block.h:57:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Vendor0080BLSubBlock findSubBlock(const char id[3]) const;
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:59:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::WriteOnly);
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:66:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!qrc.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:81:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:96:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/vdv/certs/cert-downloader.cpp:106:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) {
data/kitinerary-20.08.2/src/vdv/vdvcertificate.cpp:182:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:73:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[2];
data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[3];
data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[5];
data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:93:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[6];
data/kitinerary-20.08.2/src/vdv/vdvdata_p.h:214:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char identifier[3];
data/kitinerary-20.08.2/src/barcodedecoder.cpp:158:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto res = reader.read(binarizer);
data/kitinerary-20.08.2/src/extractorinput.cpp:34:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto len = std::strlen(str);
data/kitinerary-20.08.2/src/extractorpostprocessor.cpp:422:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
person.setName(person.name().mid(strlen(prefix)));
data/kitinerary-20.08.2/src/jsonlddocument.cpp:501:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const auto enumIdx = mo->indexOfEnumerator(prop.typeName() + strlen(mo->className()) + 2);
ANALYSIS SUMMARY:
Hits = 78
Lines analyzed = 219522 in approximately 9.37 seconds (23434 lines/second)
Physical Source Lines of Code (SLOC) = 212304
Hits@level = [0] 0 [1] 4 [2] 74 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 78 [1+] 78 [2+] 74 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.367398 [1+] 0.367398 [2+] 0.348557 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.