Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kmouth-20.08.0/phrasebook/phrasebookdialog.h
Examining data/kmouth-20.08.0/phrasebook/phrasebook.h
Examining data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.h
Examining data/kmouth-20.08.0/phrasebook/phrasebookparser.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebookparser.h
Examining data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebook.cpp
Examining data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp
Examining data/kmouth-20.08.0/texttospeechsystem.h
Examining data/kmouth-20.08.0/kmouth.cpp
Examining data/kmouth-20.08.0/speech.h
Examining data/kmouth-20.08.0/configwizard.h
Examining data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletionwidget.h
Examining data/kmouth-20.08.0/wordcompletion/wordlist.h
Examining data/kmouth-20.08.0/wordcompletion/wordlist.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletionwidget.cpp
Examining data/kmouth-20.08.0/wordcompletion/wordcompletion.h
Examining data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp
Examining data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.h
Examining data/kmouth-20.08.0/phraselist.cpp
Examining data/kmouth-20.08.0/kmouth.h
Examining data/kmouth-20.08.0/main.cpp
Examining data/kmouth-20.08.0/version.h
Examining data/kmouth-20.08.0/optionsdialog.h
Examining data/kmouth-20.08.0/speech.cpp
Examining data/kmouth-20.08.0/configwizard.cpp
Examining data/kmouth-20.08.0/optionsdialog.cpp
Examining data/kmouth-20.08.0/texttospeechsystem.cpp
Examining data/kmouth-20.08.0/phraselist.h
Examining data/kmouth-20.08.0/texttospeechconfigurationwidget.cpp
Examining data/kmouth-20.08.0/texttospeechconfigurationwidget.h

FINAL RESULTS:

data/kmouth-20.08.0/wordcompletion/dictionarycreationwizard.cpp:221:51: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return QLocale::languageToString(QLocale::system().language());
data/kmouth-20.08.0/kmouth.cpp:109:74: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  actionCollection()->setDefaultShortcuts(fileOpen, KStandardShortcut::open());
data/kmouth-20.08.0/kmouth.cpp:257:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  phraseList->open(url);
data/kmouth-20.08.0/kmouth.cpp:356:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  phraseList->open();
data/kmouth-20.08.0/kmouth.cpp:498:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  book.open(QUrl::fromLocalFile(standardBook));
data/kmouth-20.08.0/phrasebook/initialphrasebookwidget.cpp:137:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (localBook.open(QUrl::fromLocalFile(child->data().toString()))) {
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:257:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:351:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool PhraseBook::open(const QUrl &url)
data/kmouth-20.08.0/phrasebook/phrasebook.cpp:405:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (pbook.open(QUrl::fromLocalFile(*it))) {
data/kmouth-20.08.0/phrasebook/phrasebook.h:113:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(const QUrl &url);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:99:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:622:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::WriteOnly);
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:645:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/phrasebook/phrasebookdialog.cpp:678:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/kmouth-20.08.0/phraselist.cpp:483:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void PhraseList::open()
data/kmouth-20.08.0/phraselist.cpp:489:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open(url);
data/kmouth-20.08.0/phraselist.cpp:492:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void PhraseList::open(const QUrl &url)
data/kmouth-20.08.0/phraselist.cpp:499:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (book.open(url)) {
data/kmouth-20.08.0/phraselist.h:82:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/kmouth-20.08.0/phraselist.h:83:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const QUrl &url);
data/kmouth-20.08.0/speech.cpp:180:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile.open();
data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp:180:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.exists() && file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordcompletion.cpp:235:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:140:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly))
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:196:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (wpdfile.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:220:30: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:386:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (afile.open(QIODevice::ReadOnly)) {
data/kmouth-20.08.0/wordcompletion/wordlist.cpp:536:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (dfile.open(QIODevice::ReadOnly)) {

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 6419 in approximately 0.65 seconds (9857 lines/second)
Physical Source Lines of Code (SLOC) = 4375
Hits@level = [0] 0 [1] 0 [2] 27 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 28 [1+] 28 [2+] 28 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 6.4 [1+] 6.4 [2+] 6.4 [3+] 0.228571 [4+] 0.228571 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.