Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/knewstuff-5.74.0/autotests/knewstuffentrytest.cpp
Examining data/knewstuff-5.74.0/autotests/knewstuffauthortest.cpp
Examining data/knewstuff-5.74.0/autotests/kmoretools/kmoretoolstest2.cpp
Examining data/knewstuff-5.74.0/autotests/kmoretools/kmoretoolstest.cpp
Examining data/knewstuff-5.74.0/tests/khotnewstuff_test.h
Examining data/knewstuff-5.74.0/tests/khotnewstuff.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_download.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_cache.h
Examining data/knewstuff-5.74.0/tests/knewstuff2_standard.cpp
Examining data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_standard.h
Examining data/knewstuff-5.74.0/tests/knewstuff2_download.h
Examining data/knewstuff-5.74.0/tests/khotnewstuff_upload.cpp
Examining data/knewstuff-5.74.0/tests/kmoretools/kmoretoolstest_interactive.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_cache.cpp
Examining data/knewstuff-5.74.0/src/staticxml/staticxmlprovider.cpp
Examining data/knewstuff-5.74.0/src/staticxml/staticxmlprovider_p.h
Examining data/knewstuff-5.74.0/src/uploaddialog.h
Examining data/knewstuff-5.74.0/src/uploaddialog.cpp
Examining data/knewstuff-5.74.0/src/knewstuffaction.cpp
Examining data/knewstuff-5.74.0/src/ui/entrydetailsdialog.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsview_p.h
Examining data/knewstuff-5.74.0/src/ui/itemsview.cpp
Examining data/knewstuff-5.74.0/src/ui/entrydetailsdialog_p.h
Examining data/knewstuff-5.74.0/src/ui/itemsviewbasedelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsgridviewdelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewbasedelegate_p.h
Examining data/knewstuff-5.74.0/src/ui/progressindicator_p.h
Examining data/knewstuff-5.74.0/src/ui/imagepreviewwidget.cpp
Examining data/knewstuff-5.74.0/src/ui/imagepreviewwidget_p.h
Examining data/knewstuff-5.74.0/src/ui/widgetquestionlistener.h
Examining data/knewstuff-5.74.0/src/ui/itemsgridviewdelegate_p.h
Examining data/knewstuff-5.74.0/src/ui/progressindicator.cpp
Examining data/knewstuff-5.74.0/src/ui/widgetquestionlistener.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewdelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewdelegate_p.h
Examining data/knewstuff-5.74.0/src/attica/atticaprovider_p.h
Examining data/knewstuff-5.74.0/src/attica/atticaprovider.cpp
Examining data/knewstuff-5.74.0/src/button.cpp
Examining data/knewstuff-5.74.0/src/uploaddialog_p.h
Examining data/knewstuff-5.74.0/src/entry.cpp
Examining data/knewstuff-5.74.0/src/downloadmanager.h
Examining data/knewstuff-5.74.0/src/downloaddialog.h
Examining data/knewstuff-5.74.0/src/entry_p.h
Examining data/knewstuff-5.74.0/src/button.h
Examining data/knewstuff-5.74.0/src/downloadwidget.h
Examining data/knewstuff-5.74.0/src/downloadwidget.cpp
Examining data/knewstuff-5.74.0/src/downloaddialog.cpp
Examining data/knewstuff-5.74.0/src/core/itemsmodel.h
Examining data/knewstuff-5.74.0/src/core/commentsmodel.h
Examining data/knewstuff-5.74.0/src/core/jobs/downloadjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/downloadjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/httpworker.h
Examining data/knewstuff-5.74.0/src/core/jobs/jobbase.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/kpackagejob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/kpackagejob.h
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyworker.h
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyworker.cpp
Examining data/knewstuff-5.74.0/src/core/entrywrapper.cpp
Examining data/knewstuff-5.74.0/src/core/itemsmodel.cpp
Examining data/knewstuff-5.74.0/src/core/commentsmodel.cpp
Examining data/knewstuff-5.74.0/src/core/security.cpp
Examining data/knewstuff-5.74.0/src/core/xmlloader.h
Examining data/knewstuff-5.74.0/src/core/questionmanager.h
Examining data/knewstuff-5.74.0/src/core/security.h
Examining data/knewstuff-5.74.0/src/core/provider.h
Examining data/knewstuff-5.74.0/src/core/cache.cpp
Examining data/knewstuff-5.74.0/src/core/installation.h
Examining data/knewstuff-5.74.0/src/core/provider.cpp
Examining data/knewstuff-5.74.0/src/core/errorcode.h
Examining data/knewstuff-5.74.0/src/core/downloadmanager.h
Examining data/knewstuff-5.74.0/src/core/questionlistener.h
Examining data/knewstuff-5.74.0/src/core/questionmanager.cpp
Examining data/knewstuff-5.74.0/src/core/tagsfilterchecker.cpp
Examining data/knewstuff-5.74.0/src/core/entryinternal.cpp
Examining data/knewstuff-5.74.0/src/core/installation.cpp
Examining data/knewstuff-5.74.0/src/core/entryinternal.h
Examining data/knewstuff-5.74.0/src/core/question.h
Examining data/knewstuff-5.74.0/src/core/author.h
Examining data/knewstuff-5.74.0/src/core/author.cpp
Examining data/knewstuff-5.74.0/src/core/engine.cpp
Examining data/knewstuff-5.74.0/src/core/errorcode.cpp
Examining data/knewstuff-5.74.0/src/core/cache.h
Examining data/knewstuff-5.74.0/src/core/imageloader.cpp
Examining data/knewstuff-5.74.0/src/core/entrywrapper.h
Examining data/knewstuff-5.74.0/src/core/questionlistener.cpp
Examining data/knewstuff-5.74.0/src/core/imageloader_p.h
Examining data/knewstuff-5.74.0/src/core/tagsfilterchecker.h
Examining data/knewstuff-5.74.0/src/core/question.cpp
Examining data/knewstuff-5.74.0/src/core/xmlloader.cpp
Examining data/knewstuff-5.74.0/src/core/downloadmanager.cpp
Examining data/knewstuff-5.74.0/src/core/engine.h
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/knsrcmodel.cpp
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/knsrcmodel.h
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/main.cpp
Examining data/knewstuff-5.74.0/src/qtquick/quickitemsmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/commentsmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/commentsmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/downloadlinkinfo.cpp
Examining data/knewstuff-5.74.0/src/qtquick/categoriesmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/categoriesmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/qmlplugin.h
Examining data/knewstuff-5.74.0/src/qtquick/quickengine.h
Examining data/knewstuff-5.74.0/src/qtquick/quickitemsmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/author.h
Examining data/knewstuff-5.74.0/src/qtquick/author.cpp
Examining data/knewstuff-5.74.0/src/qtquick/quickengine.cpp
Examining data/knewstuff-5.74.0/src/qtquick/downloadlinkinfo.h
Examining data/knewstuff-5.74.0/src/qtquick/quickquestionlistener.h
Examining data/knewstuff-5.74.0/src/qtquick/quickquestionlistener.cpp
Examining data/knewstuff-5.74.0/src/qtquick/qmlplugin.cpp
Examining data/knewstuff-5.74.0/src/entry.h
Examining data/knewstuff-5.74.0/src/knewstuffaction.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsconfigdialog_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsconfigdialog_p.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsmenufactory.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsmenufactory.cpp
Examining data/knewstuff-5.74.0/src/downloadwidget_p.h
Examining data/knewstuff-5.74.0/src/upload/atticahelper_p.h
Examining data/knewstuff-5.74.0/src/upload/atticahelper.cpp
Examining data/knewstuff-5.74.0/src/downloadmanager.cpp
FINAL RESULTS:
data/knewstuff-5.74.0/src/core/cache.cpp:62:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/knewstuff-5.74.0/src/core/cache.cpp:125:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/cache.cpp:206:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/knewstuff-5.74.0/src/core/installation.cpp:209:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tempFile.open()) {
data/knewstuff-5.74.0/src/core/installation.cpp:533:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool success = archive->open(QIODevice::ReadOnly);
data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp:165:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(d->dataFile.open(QIODevice::WriteOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:240:39: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_fileName.isEmpty() && file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:247:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:317:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:324:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QIODevice::WriteOnly)) {
data/knewstuff-5.74.0/src/downloaddialog.cpp:113:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void DownloadDialog::open()
data/knewstuff-5.74.0/src/downloaddialog.cpp:119:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QDialog::open();
data/knewstuff-5.74.0/src/downloaddialog.h:156:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() override;
data/knewstuff-5.74.0/src/uploaddialog.cpp:480:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/uploaddialog.cpp:758:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp:54:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp:86:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/jobs/filecopyworker.cpp:38:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->destination.write(d->source.read(1024));
data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp:116:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
emit data(d->reply->read(32768));
ANALYSIS SUMMARY:
Hits = 19
Lines analyzed = 22287 in approximately 1.14 seconds (19482 lines/second)
Physical Source Lines of Code (SLOC) = 14670
Hits@level = [0] 0 [1] 2 [2] 17 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 19 [1+] 19 [2+] 17 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.29516 [1+] 1.29516 [2+] 1.15883 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.