Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmouth-20.08.0/phrasebook/phrasebookdialog.h
Examining data/kmouth-20.08.0/phrasebook/phrasebook.h
Examining data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.h
Examining data/kmouth-20.08.0/phrasebook/phrasebookparser.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebookparser.h
Examining data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebook.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp
Examining data/kmouth-20.08.0/texttospeechsystem.h
Examining data/kmouth-20.08.0/kmouth.cpp
Examining data/kmouth-20.08.0/speech.h
Examining data/kmouth-20.08.0/configwizard.h
Examining data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletionwidget.h
Examining data/kmouth-20.08.0/wordcompletion/wordlist.h
Examining data/kmouth-20.08.0/wordcompletion/wordlist.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletionwidget.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletion.h
Examining data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp
Examining data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.h
Examining data/kmouth-20.08.0/phraselist.cpp
Examining data/kmouth-20.08.0/kmouth.h
Examining data/kmouth-20.08.0/main.cpp
Examining data/kmouth-20.08.0/version.h
Examining data/kmouth-20.08.0/optionsdialog.h
Examining data/kmouth-20.08.0/speech.cpp
Examining data/kmouth-20.08.0/configwizard.cpp
Examining data/kmouth-20.08.0/optionsdialog.cpp
Examining data/kmouth-20.08.0/texttospeechsystem.cpp
Examining data/kmouth-20.08.0/phraselist.h
Examining data/kmouth-20.08.0/texttospeechconfigurationwidget.cpp
Examining data/kmouth-20.08.0/texttospeechconfigurationwidget.h
FINAL RESULTS:
data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.cpp:221:51: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::languageToString(QLocale::system().language());
data/kmouth-20.08.0/kmouth.cpp:109:74: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
actionCollection()->setDefaultShortcuts(fileOpen, KStandardShortcut::open());
data/kmouth-20.08.0/kmouth.cpp:257:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
phraseList->open(url);
data/kmouth-20.08.0/kmouth.cpp:356:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
phraseList->open();
data/kmouth-20.08.0/kmouth.cpp:498:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
book.open(QUrl::fromLocalFile(standardBook));
data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.cpp:137:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (localBook.open(QUrl::fromLocalFile(child->data().toString()))) {
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:257:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:351:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool PhraseBook::open(const QUrl &url)
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:405:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (pbook.open(QUrl::fromLocalFile(*it))) {
data/kmouth-20.08.0/phrasebook/phrasebook.h:113:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const QUrl &url);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:99:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:622:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::WriteOnly);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:645:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:678:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kmouth-20.08.0/phraselist.cpp:483:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void PhraseList::open()
data/kmouth-20.08.0/phraselist.cpp:489:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(url);
data/kmouth-20.08.0/phraselist.cpp:492:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void PhraseList::open(const QUrl &url)
data/kmouth-20.08.0/phraselist.cpp:499:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (book.open(url)) {
data/kmouth-20.08.0/phraselist.h:82:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/kmouth-20.08.0/phraselist.h:83:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QUrl &url);
data/kmouth-20.08.0/speech.cpp:180:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempFile.open();
data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp:180:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.exists() && file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp:235:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:140:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:196:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (wpdfile.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:220:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:386:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (afile.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:536:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dfile.open(QIODevice::ReadOnly)) {
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 6419 in approximately 0.65 seconds (9857 lines/second)
Physical Source Lines of Code (SLOC) = 4375
Hits@level = [0] 0 [1] 0 [2] 27 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 28 [1+] 28 [2+] 28 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 6.4 [1+] 6.4 [2+] 6.4 [3+] 0.228571 [4+] 0.228571 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.