Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/knewstuff-5.74.0/autotests/knewstuffentrytest.cpp
Examining data/knewstuff-5.74.0/autotests/knewstuffauthortest.cpp
Examining data/knewstuff-5.74.0/autotests/kmoretools/kmoretoolstest2.cpp
Examining data/knewstuff-5.74.0/autotests/kmoretools/kmoretoolstest.cpp
Examining data/knewstuff-5.74.0/tests/khotnewstuff_test.h
Examining data/knewstuff-5.74.0/tests/khotnewstuff.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_download.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_cache.h
Examining data/knewstuff-5.74.0/tests/knewstuff2_standard.cpp
Examining data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_standard.h
Examining data/knewstuff-5.74.0/tests/knewstuff2_download.h
Examining data/knewstuff-5.74.0/tests/khotnewstuff_upload.cpp
Examining data/knewstuff-5.74.0/tests/kmoretools/kmoretoolstest_interactive.cpp
Examining data/knewstuff-5.74.0/tests/knewstuff2_cache.cpp
Examining data/knewstuff-5.74.0/src/staticxml/staticxmlprovider.cpp
Examining data/knewstuff-5.74.0/src/staticxml/staticxmlprovider_p.h
Examining data/knewstuff-5.74.0/src/uploaddialog.h
Examining data/knewstuff-5.74.0/src/uploaddialog.cpp
Examining data/knewstuff-5.74.0/src/knewstuffaction.cpp
Examining data/knewstuff-5.74.0/src/ui/entrydetailsdialog.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsview_p.h
Examining data/knewstuff-5.74.0/src/ui/itemsview.cpp
Examining data/knewstuff-5.74.0/src/ui/entrydetailsdialog_p.h
Examining data/knewstuff-5.74.0/src/ui/itemsviewbasedelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsgridviewdelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewbasedelegate_p.h
Examining data/knewstuff-5.74.0/src/ui/progressindicator_p.h
Examining data/knewstuff-5.74.0/src/ui/imagepreviewwidget.cpp
Examining data/knewstuff-5.74.0/src/ui/imagepreviewwidget_p.h
Examining data/knewstuff-5.74.0/src/ui/widgetquestionlistener.h
Examining data/knewstuff-5.74.0/src/ui/itemsgridviewdelegate_p.h
Examining data/knewstuff-5.74.0/src/ui/progressindicator.cpp
Examining data/knewstuff-5.74.0/src/ui/widgetquestionlistener.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewdelegate.cpp
Examining data/knewstuff-5.74.0/src/ui/itemsviewdelegate_p.h
Examining data/knewstuff-5.74.0/src/attica/atticaprovider_p.h
Examining data/knewstuff-5.74.0/src/attica/atticaprovider.cpp
Examining data/knewstuff-5.74.0/src/button.cpp
Examining data/knewstuff-5.74.0/src/uploaddialog_p.h
Examining data/knewstuff-5.74.0/src/entry.cpp
Examining data/knewstuff-5.74.0/src/downloadmanager.h
Examining data/knewstuff-5.74.0/src/downloaddialog.h
Examining data/knewstuff-5.74.0/src/entry_p.h
Examining data/knewstuff-5.74.0/src/button.h
Examining data/knewstuff-5.74.0/src/downloadwidget.h
Examining data/knewstuff-5.74.0/src/downloadwidget.cpp
Examining data/knewstuff-5.74.0/src/downloaddialog.cpp
Examining data/knewstuff-5.74.0/src/core/itemsmodel.h
Examining data/knewstuff-5.74.0/src/core/commentsmodel.h
Examining data/knewstuff-5.74.0/src/core/jobs/downloadjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/downloadjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/httpworker.h
Examining data/knewstuff-5.74.0/src/core/jobs/jobbase.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/kpackagejob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/kpackagejob.h
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyjob.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyworker.h
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyjob.h
Examining data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp
Examining data/knewstuff-5.74.0/src/core/jobs/filecopyworker.cpp
Examining data/knewstuff-5.74.0/src/core/entrywrapper.cpp
Examining data/knewstuff-5.74.0/src/core/itemsmodel.cpp
Examining data/knewstuff-5.74.0/src/core/commentsmodel.cpp
Examining data/knewstuff-5.74.0/src/core/security.cpp
Examining data/knewstuff-5.74.0/src/core/xmlloader.h
Examining data/knewstuff-5.74.0/src/core/questionmanager.h
Examining data/knewstuff-5.74.0/src/core/security.h
Examining data/knewstuff-5.74.0/src/core/provider.h
Examining data/knewstuff-5.74.0/src/core/cache.cpp
Examining data/knewstuff-5.74.0/src/core/installation.h
Examining data/knewstuff-5.74.0/src/core/provider.cpp
Examining data/knewstuff-5.74.0/src/core/errorcode.h
Examining data/knewstuff-5.74.0/src/core/downloadmanager.h
Examining data/knewstuff-5.74.0/src/core/questionlistener.h
Examining data/knewstuff-5.74.0/src/core/questionmanager.cpp
Examining data/knewstuff-5.74.0/src/core/tagsfilterchecker.cpp
Examining data/knewstuff-5.74.0/src/core/entryinternal.cpp
Examining data/knewstuff-5.74.0/src/core/installation.cpp
Examining data/knewstuff-5.74.0/src/core/entryinternal.h
Examining data/knewstuff-5.74.0/src/core/question.h
Examining data/knewstuff-5.74.0/src/core/author.h
Examining data/knewstuff-5.74.0/src/core/author.cpp
Examining data/knewstuff-5.74.0/src/core/engine.cpp
Examining data/knewstuff-5.74.0/src/core/errorcode.cpp
Examining data/knewstuff-5.74.0/src/core/cache.h
Examining data/knewstuff-5.74.0/src/core/imageloader.cpp
Examining data/knewstuff-5.74.0/src/core/entrywrapper.h
Examining data/knewstuff-5.74.0/src/core/questionlistener.cpp
Examining data/knewstuff-5.74.0/src/core/imageloader_p.h
Examining data/knewstuff-5.74.0/src/core/tagsfilterchecker.h
Examining data/knewstuff-5.74.0/src/core/question.cpp
Examining data/knewstuff-5.74.0/src/core/xmlloader.cpp
Examining data/knewstuff-5.74.0/src/core/downloadmanager.cpp
Examining data/knewstuff-5.74.0/src/core/engine.h
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/knsrcmodel.cpp
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/knsrcmodel.h
Examining data/knewstuff-5.74.0/src/tools/knewstuff-dialog/main.cpp
Examining data/knewstuff-5.74.0/src/qtquick/quickitemsmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/commentsmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/commentsmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/downloadlinkinfo.cpp
Examining data/knewstuff-5.74.0/src/qtquick/categoriesmodel.h
Examining data/knewstuff-5.74.0/src/qtquick/categoriesmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/qmlplugin.h
Examining data/knewstuff-5.74.0/src/qtquick/quickengine.h
Examining data/knewstuff-5.74.0/src/qtquick/quickitemsmodel.cpp
Examining data/knewstuff-5.74.0/src/qtquick/author.h
Examining data/knewstuff-5.74.0/src/qtquick/author.cpp
Examining data/knewstuff-5.74.0/src/qtquick/quickengine.cpp
Examining data/knewstuff-5.74.0/src/qtquick/downloadlinkinfo.h
Examining data/knewstuff-5.74.0/src/qtquick/quickquestionlistener.h
Examining data/knewstuff-5.74.0/src/qtquick/quickquestionlistener.cpp
Examining data/knewstuff-5.74.0/src/qtquick/qmlplugin.cpp
Examining data/knewstuff-5.74.0/src/entry.h
Examining data/knewstuff-5.74.0/src/knewstuffaction.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsconfigdialog_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsconfigdialog_p.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolspresets_p.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretools.cpp
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsmenufactory.h
Examining data/knewstuff-5.74.0/src/kmoretools/kmoretoolsmenufactory.cpp
Examining data/knewstuff-5.74.0/src/downloadwidget_p.h
Examining data/knewstuff-5.74.0/src/upload/atticahelper_p.h
Examining data/knewstuff-5.74.0/src/upload/atticahelper.cpp
Examining data/knewstuff-5.74.0/src/downloadmanager.cpp

FINAL RESULTS:

data/knewstuff-5.74.0/src/core/cache.cpp:62:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/knewstuff-5.74.0/src/core/cache.cpp:125:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/cache.cpp:206:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/knewstuff-5.74.0/src/core/installation.cpp:209:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!tempFile.open()) {
data/knewstuff-5.74.0/src/core/installation.cpp:533:41: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    bool success = archive->open(QIODevice::ReadOnly);
data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp:165:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(d->dataFile.open(QIODevice::WriteOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:240:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!m_fileName.isEmpty() && file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:247:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:317:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/security.cpp:324:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (file.open(QIODevice::WriteOnly)) {
data/knewstuff-5.74.0/src/downloaddialog.cpp:113:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void DownloadDialog::open()
data/knewstuff-5.74.0/src/downloaddialog.cpp:119:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QDialog::open();
data/knewstuff-5.74.0/src/downloaddialog.h:156:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open() override;
data/knewstuff-5.74.0/src/uploaddialog.cpp:480:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/uploaddialog.cpp:758:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp:54:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/tests/khotnewstuff_test.cpp:86:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::ReadOnly)) {
data/knewstuff-5.74.0/src/core/jobs/filecopyworker.cpp:38:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    d->destination.write(d->source.read(1024));
data/knewstuff-5.74.0/src/core/jobs/httpworker.cpp:116:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    emit data(d->reply->read(32768));

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 22287 in approximately 1.14 seconds (19482 lines/second)
Physical Source Lines of Code (SLOC) = 14670
Hits@level = [0] 0 [1] 2 [2] 17 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 19 [1+] 19 [2+] 17 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.29516 [1+] 1.29516 [2+] 1.15883 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.