Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kpackage-5.74.0/autotests/querytest.cpp Examining data/kpackage-5.74.0/autotests/plasmoidstructure.cpp Examining data/kpackage-5.74.0/autotests/querytest.h Examining data/kpackage-5.74.0/autotests/rccpackagetest.h Examining data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp Examining data/kpackage-5.74.0/autotests/fallbackpackagetest.cpp Examining data/kpackage-5.74.0/autotests/plasmoidstructure.h Examining data/kpackage-5.74.0/autotests/rccpackagetest.cpp Examining data/kpackage-5.74.0/autotests/packagestructuretest.cpp Examining data/kpackage-5.74.0/autotests/plasmoidpackagetest.h Examining data/kpackage-5.74.0/autotests/mockdepresolver/main.cpp Examining data/kpackage-5.74.0/autotests/packagestructuretest.h Examining data/kpackage-5.74.0/autotests/fallbackpackagetest.h Examining data/kpackage-5.74.0/src/kpackagetool/main.cpp Examining data/kpackage-5.74.0/src/kpackagetool/kpackagetool.h Examining data/kpackage-5.74.0/src/kpackagetool/options.h Examining data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp Examining data/kpackage-5.74.0/src/kpackage/package.h Examining data/kpackage-5.74.0/src/kpackage/version.cpp Examining data/kpackage-5.74.0/src/kpackage/package.cpp Examining data/kpackage-5.74.0/src/kpackage/packagestructure.h Examining data/kpackage-5.74.0/src/kpackage/packageloader.h Examining data/kpackage-5.74.0/src/kpackage/version.h Examining data/kpackage-5.74.0/src/kpackage/packagestructure.cpp Examining data/kpackage-5.74.0/src/kpackage/private/package_p.h Examining data/kpackage-5.74.0/src/kpackage/private/packages.cpp Examining data/kpackage-5.74.0/src/kpackage/private/packagejob_p.h Examining data/kpackage-5.74.0/src/kpackage/private/packageloader_p.h Examining data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp Examining data/kpackage-5.74.0/src/kpackage/private/packagejob.cpp Examining data/kpackage-5.74.0/src/kpackage/private/packages_p.h Examining data/kpackage-5.74.0/src/kpackage/private/versionparser.cpp Examining data/kpackage-5.74.0/src/kpackage/private/packagejobthread_p.h Examining data/kpackage-5.74.0/src/kpackage/packageloader.cpp FINAL RESULTS: data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:61:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:78:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:92:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:100:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:112:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:144:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:164:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:197:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:257:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(creator.open(QIODevice::WriteOnly)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:266:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(package.open(QIODevice::ReadOnly)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:301:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(creator.open(QIODevice::WriteOnly)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:339:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(creator.open(QIODevice::WriteOnly)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:348:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(package.open(QIODevice::ReadOnly)); data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:382:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). QVERIFY(creator2.open(QIODevice::WriteOnly)); data/kpackage-5.74.0/src/kpackage/package.cpp:254:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (archive && archive->open(QIODevice::ReadOnly)) { data/kpackage-5.74.0/src/kpackage/package.cpp:637:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open(QIODevice::ReadOnly)) { data/kpackage-5.74.0/src/kpackage/package.cpp:943:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open(QIODevice::ReadOnly)) { data/kpackage-5.74.0/src/kpackage/packageloader.cpp:221:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indexFile.open(QIODevice::ReadOnly); data/kpackage-5.74.0/src/kpackage/packageloader.cpp:322:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indexFile.open(QIODevice::ReadOnly); data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:136:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly)) { data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:253:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!archive->open(QIODevice::ReadOnly)) { data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:289:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if(!f.open(QIODevice::ReadOnly)){ data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp:67:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). indexFile.open(QIODevice::ReadOnly); data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp:506:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!outputFile->open(QFile::WriteOnly | QFile::Text)) { data/kpackage-5.74.0/src/kpackage/package.cpp:639:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hash.addData(f.read(1024)); data/kpackage-5.74.0/src/kpackage/package.cpp:945:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). hash.addData(f.read(1024)); ANALYSIS SUMMARY: Hits = 26 Lines analyzed = 5586 in approximately 0.68 seconds (8171 lines/second) Physical Source Lines of Code (SLOC) = 3798 Hits@level = [0] 0 [1] 2 [2] 24 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 26 [1+] 26 [2+] 24 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 6.84571 [1+] 6.84571 [2+] 6.31912 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.