Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/klog-1.3.2/mainwindowinputqsl.h Examining data/klog-1.3.2/updatesatsdata.h Examining data/klog-1.3.2/logwindow.h Examining data/klog-1.3.2/dataproxy_sqlite.cpp Examining data/klog-1.3.2/tipsdialog.h Examining data/klog-1.3.2/startwizard.h Examining data/klog-1.3.2/infowidget.h Examining data/klog-1.3.2/lotwutilities.cpp Examining data/klog-1.3.2/awards.cpp Examining data/klog-1.3.2/hamlibclass.h Examining data/klog-1.3.2/widgets/showadifimportwidget.h Examining data/klog-1.3.2/widgets/adiflotwexportwidget.cpp Examining data/klog-1.3.2/widgets/adiflotwexportwidget.h Examining data/klog-1.3.2/widgets/showadifimportwidget.cpp Examining data/klog-1.3.2/updatesatsdata.cpp Examining data/klog-1.3.2/setupdialog.cpp Examining data/klog-1.3.2/downloadcty.cpp Examining data/klog-1.3.2/lotwutilities.h Examining data/klog-1.3.2/main.cpp Examining data/klog-1.3.2/filemanager.h Examining data/klog-1.3.2/mainqsoentrywidget.cpp Examining data/klog-1.3.2/database.cpp Examining data/klog-1.3.2/elogclublog.h Examining data/klog-1.3.2/awarddxmarathon.cpp Examining data/klog-1.3.2/softwareupdatedialog.cpp Examining data/klog-1.3.2/awards.h Examining data/klog-1.3.2/awarddxmarathon.h Examining data/klog-1.3.2/infowidget.cpp Examining data/klog-1.3.2/softwareupdate.cpp Examining data/klog-1.3.2/mainwindow.cpp Examining data/klog-1.3.2/showerrordialog.cpp Examining data/klog-1.3.2/mainwindowinputcomment.h Examining data/klog-1.3.2/mainwindowsattab.h Examining data/klog-1.3.2/mainwindowinputcomment.cpp Examining data/klog-1.3.2/udpserver.cpp Examining data/klog-1.3.2/searchwidget.cpp Examining data/klog-1.3.2/mainwindowinputothers.cpp Examining data/klog-1.3.2/worldmapwidget.h Examining data/klog-1.3.2/mainwindowinputeqsl.cpp Examining data/klog-1.3.2/awardswidget.cpp Examining data/klog-1.3.2/logwindow.cpp Examining data/klog-1.3.2/mainqsoentrywidget.h Examining data/klog-1.3.2/mainwindowinputothers.h Examining data/klog-1.3.2/utilities.cpp Examining data/klog-1.3.2/aboutdialog.cpp Examining data/klog-1.3.2/database.h Examining data/klog-1.3.2/downloadcty.h Examining data/klog-1.3.2/searchwidget.h Examining data/klog-1.3.2/mainwindowinputeqsl.h Examining data/klog-1.3.2/mainwindowinputqsl.cpp Examining data/klog-1.3.2/worldmapwidget.cpp Examining data/klog-1.3.2/mainwindow.h Examining data/klog-1.3.2/filemanager.cpp Examining data/klog-1.3.2/searchwindow.cpp Examining data/klog-1.3.2/mainwindowmydatatab.cpp Examining data/klog-1.3.2/charts/statsqsospermodebarchartwidget.h Examining data/klog-1.3.2/charts/statsqsospermodebarchartwidget.cpp Examining data/klog-1.3.2/charts/statsqsospercontinentbarchartwidget.h Examining data/klog-1.3.2/charts/statsqsospermonthbarchartwidget.cpp Examining data/klog-1.3.2/charts/statssentconfirmedpiechartwidget.cpp Examining data/klog-1.3.2/charts/statsworkedsentpiechartwidget.h Examining data/klog-1.3.2/charts/statsqsosperdxccbarchartwidget.h Examining data/klog-1.3.2/charts/barchartstats.h Examining data/klog-1.3.2/charts/statsgeneralchartwidget.cpp Examining data/klog-1.3.2/charts/statsqsospercontinentbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsqsosperhourbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsgeneralchartwidget.h Examining data/klog-1.3.2/charts/statsqsosperhourbarchartwidget.h Examining data/klog-1.3.2/charts/statsqsosperbandbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsqsospermonthbarchartwidget.h Examining data/klog-1.3.2/charts/statsentitiesperyearbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsqsosperbandbarchartwidget.h Examining data/klog-1.3.2/charts/statsqsosperyearbarchartwidget.h Examining data/klog-1.3.2/charts/statsqsosperyearbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsworkedconfirmedpiechartwidget.h Examining data/klog-1.3.2/charts/statssentconfirmedpiechartwidget.h Examining data/klog-1.3.2/charts/statsentitiesperyearbarchartwidget.h Examining data/klog-1.3.2/charts/barchartstats.cpp Examining data/klog-1.3.2/charts/statscqzperyearbarchartwidget.cpp Examining data/klog-1.3.2/charts/statsworkedsentpiechartwidget.cpp Examining data/klog-1.3.2/charts/statsworkedconfirmedpiechartwidget.cpp Examining data/klog-1.3.2/charts/statsqsosperdxccbarchartwidget.cpp Examining data/klog-1.3.2/charts/statscqzperyearbarchartwidget.h Examining data/klog-1.3.2/tipsdialog.cpp Examining data/klog-1.3.2/utilities.h Examining data/klog-1.3.2/mainwindowmydatatab.h Examining data/klog-1.3.2/dxcluster.h Examining data/klog-1.3.2/dxccstatuswidget.cpp Examining data/klog-1.3.2/softwareupdatedialog.h Examining data/klog-1.3.2/searchmodel.h Examining data/klog-1.3.2/searchmodel.cpp Examining data/klog-1.3.2/udpserver.h Examining data/klog-1.3.2/statisticswidget.cpp Examining data/klog-1.3.2/qso.cpp Examining data/klog-1.3.2/logmodel.h Examining data/klog-1.3.2/dataproxy_sqlite.h Examining data/klog-1.3.2/statisticswidget.h Examining data/klog-1.3.2/mainwindowsattab.cpp Examining data/klog-1.3.2/dxccstatuswidget.h Examining data/klog-1.3.2/world.h Examining data/klog-1.3.2/logviewsortfilterproxymodel.h Examining data/klog-1.3.2/setupdialog.h Examining data/klog-1.3.2/setuppages/setuppagesats.h Examining data/klog-1.3.2/setuppages/setuppagesatseditor.h Examining data/klog-1.3.2/setuppages/setuppageinterfaceswindows.cpp Examining data/klog-1.3.2/setuppages/setuppagecolors.h Examining data/klog-1.3.2/setuppages/setuppageworldeditor.h Examining data/klog-1.3.2/setuppages/setupentitydialog.cpp Examining data/klog-1.3.2/setuppages/setuppagelogs.h Examining data/klog-1.3.2/setuppages/setuppageuserdata.cpp Examining data/klog-1.3.2/setuppages/setuppageclublog.h Examining data/klog-1.3.2/setuppages/setuppagesats.cpp Examining data/klog-1.3.2/setuppages/setuppagelotw.cpp Examining data/klog-1.3.2/setuppages/setuppagelogs.cpp Examining data/klog-1.3.2/setuppages/setuppageudp.h Examining data/klog-1.3.2/setuppages/setuppagebandmode.h Examining data/klog-1.3.2/setuppages/setuppageworldeditor.cpp Examining data/klog-1.3.2/setuppages/setuppagedxcluster.cpp Examining data/klog-1.3.2/setuppages/setupentitydialog.h Examining data/klog-1.3.2/setuppages/setuppagelotw.h Examining data/klog-1.3.2/setuppages/setuppagecolors.cpp Examining data/klog-1.3.2/setuppages/setuppagelogsnew.h Examining data/klog-1.3.2/setuppages/setuppagehamlib.cpp Examining data/klog-1.3.2/setuppages/setuppagesatseditor.cpp Examining data/klog-1.3.2/setuppages/setuppagelogsnew.cpp Examining data/klog-1.3.2/setuppages/setuppagehamlib.h Examining data/klog-1.3.2/setuppages/setuppageuserdata.h Examining data/klog-1.3.2/setuppages/setuppagedxcluster.h Examining data/klog-1.3.2/setuppages/setuppagesatsnew.h Examining data/klog-1.3.2/setuppages/setuppageudp.cpp Examining data/klog-1.3.2/setuppages/setuppagebandmode.cpp Examining data/klog-1.3.2/setuppages/setuppagemisc.h Examining data/klog-1.3.2/setuppages/setuppagesatsnew.cpp Examining data/klog-1.3.2/setuppages/setuppagemisc.cpp Examining data/klog-1.3.2/setuppages/setuppageclublog.cpp Examining data/klog-1.3.2/elogclublog.cpp Examining data/klog-1.3.2/softwareupdate.h Examining data/klog-1.3.2/locator.h Examining data/klog-1.3.2/logmodel.cpp Examining data/klog-1.3.2/aboutdialog.h Examining data/klog-1.3.2/hamlibclass.cpp Examining data/klog-1.3.2/dxcluster.cpp Examining data/klog-1.3.2/searchwindow.h Examining data/klog-1.3.2/logviewsortfilterproxymodel.cpp Examining data/klog-1.3.2/locator.cpp Examining data/klog-1.3.2/world.cpp Examining data/klog-1.3.2/startwizard.cpp Examining data/klog-1.3.2/qso.h Examining data/klog-1.3.2/showerrordialog.h Examining data/klog-1.3.2/awardswidget.h FINAL RESULTS: data/klog-1.3.2/main.cpp:102:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. qtTranslator.load("qt_" + QLocale::system().name(), QLibraryInfo::location(QLibraryInfo::TranslationsPath)); data/klog-1.3.2/main.cpp:112:102: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (QFile::exists(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name()).left(2) + ".qm") ) data/klog-1.3.2/main.cpp:114:109: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name()).left(2) + ".qm"); data/klog-1.3.2/main.cpp:116:75: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (QFile::exists(QDir::homePath()+"/klog/klog_" + (QLocale::system().name()).left(2)+ ".qm") ) data/klog-1.3.2/main.cpp:118:77: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load(QDir::homePath()+"/klog/klog_" + (QLocale::system().name())); data/klog-1.3.2/main.cpp:120:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (((QLocale::system().name()).left(2)) == "en") data/klog-1.3.2/main.cpp:132:103: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (QFile::exists(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name()).left(2) + ".qm") ) data/klog-1.3.2/main.cpp:134:109: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name()).left(2) + ".qm"); data/klog-1.3.2/main.cpp:137:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (((QLocale::system().name()).left(2)) == "en") data/klog-1.3.2/main.cpp:149:47: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (QFile::exists("klog_" + (QLocale::system().name()).left(2) + ".qm") ) data/klog-1.3.2/main.cpp:151:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load("klog_" + (QLocale::system().name()).left(2)); data/klog-1.3.2/main.cpp:153:81: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (QFile::exists("/usr/share/klog/translations/klog_" + (QLocale::system().name()).left(2) + ".qm") ) data/klog-1.3.2/main.cpp:156:83: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load("/usr/share/klog/translations/klog_" + (QLocale::system().name())); data/klog-1.3.2/main.cpp:158:107: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (QFile::exists(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name()).left(2) + ".qm")) data/klog-1.3.2/main.cpp:161:109: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. myappTranslator.load(QCoreApplication::applicationDirPath() + "/translations/klog_" + (QLocale::system().name())); data/klog-1.3.2/main.cpp:164:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. else if (((QLocale::system().name()).left(2)) == "en") data/klog-1.3.2/main.cpp:188:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. QString language = (QLocale::system().name()).left(2); data/klog-1.3.2/database.cpp:225:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) { data/klog-1.3.2/database.cpp:293:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) data/klog-1.3.2/downloadcty.cpp:171:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) { data/klog-1.3.2/dxcluster.cpp:787:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!saveSpotsFile->open(QIODevice::WriteOnly | QIODevice::Text | QIODevice::Append)) data/klog-1.3.2/filemanager.cpp:242:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:409:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:639:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:1204:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:2892:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadWrite | QIODevice::Text)){ data/klog-1.3.2/filemanager.cpp:2898:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!tmp.open()) { data/klog-1.3.2/filemanager.cpp:2950:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:3061:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/filemanager.cpp:3236:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open (QIODevice::ReadOnly)) data/klog-1.3.2/filemanager.cpp:3268:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(file.open(QIODevice::ReadWrite | QIODevice::Text)) data/klog-1.3.2/lotwutilities.cpp:192:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file->open(QIODevice::WriteOnly)) data/klog-1.3.2/lotwutilities.cpp:318:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file->open(QIODevice::WriteOnly); data/klog-1.3.2/lotwutilities.cpp:390:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/mainwindow.cpp:57:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!debugFile->open(QIODevice::WriteOnly | QIODevice::Text)) data/klog-1.3.2/mainwindow.cpp:4105:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){ data/klog-1.3.2/setupdialog.cpp:471:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open (QIODevice::WriteOnly)){ data/klog-1.3.2/setupdialog.cpp:708:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){ data/klog-1.3.2/setuppages/setuppagesats.cpp:669:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) data/klog-1.3.2/updatesatsdata.cpp:16:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/utilities.cpp:254:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){ data/klog-1.3.2/utilities.cpp:282:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){ data/klog-1.3.2/world.cpp:1194:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) data/klog-1.3.2/hamlibclass.cpp:410:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (my_rig->state.rigport.pathname, serialPort.toLocal8Bit().constData(), FILPATHLEN); ANALYSIS SUMMARY: Hits = 44 Lines analyzed = 65502 in approximately 2.69 seconds (24332 lines/second) Physical Source Lines of Code (SLOC) = 41654 Hits@level = [0] 0 [1] 1 [2] 26 [3] 0 [4] 17 [5] 0 Hits@level+ = [0+] 44 [1+] 44 [2+] 43 [3+] 17 [4+] 17 [5+] 0 Hits/KSLOC@level+ = [0+] 1.05632 [1+] 1.05632 [2+] 1.03231 [3+] 0.408124 [4+] 0.408124 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.