Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kpackage-5.74.0/autotests/querytest.cpp
Examining data/kpackage-5.74.0/autotests/plasmoidstructure.cpp
Examining data/kpackage-5.74.0/autotests/querytest.h
Examining data/kpackage-5.74.0/autotests/rccpackagetest.h
Examining data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp
Examining data/kpackage-5.74.0/autotests/fallbackpackagetest.cpp
Examining data/kpackage-5.74.0/autotests/plasmoidstructure.h
Examining data/kpackage-5.74.0/autotests/rccpackagetest.cpp
Examining data/kpackage-5.74.0/autotests/packagestructuretest.cpp
Examining data/kpackage-5.74.0/autotests/plasmoidpackagetest.h
Examining data/kpackage-5.74.0/autotests/mockdepresolver/main.cpp
Examining data/kpackage-5.74.0/autotests/packagestructuretest.h
Examining data/kpackage-5.74.0/autotests/fallbackpackagetest.h
Examining data/kpackage-5.74.0/src/kpackagetool/main.cpp
Examining data/kpackage-5.74.0/src/kpackagetool/kpackagetool.h
Examining data/kpackage-5.74.0/src/kpackagetool/options.h
Examining data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp
Examining data/kpackage-5.74.0/src/kpackage/package.h
Examining data/kpackage-5.74.0/src/kpackage/version.cpp
Examining data/kpackage-5.74.0/src/kpackage/package.cpp
Examining data/kpackage-5.74.0/src/kpackage/packagestructure.h
Examining data/kpackage-5.74.0/src/kpackage/packageloader.h
Examining data/kpackage-5.74.0/src/kpackage/version.h
Examining data/kpackage-5.74.0/src/kpackage/packagestructure.cpp
Examining data/kpackage-5.74.0/src/kpackage/private/package_p.h
Examining data/kpackage-5.74.0/src/kpackage/private/packages.cpp
Examining data/kpackage-5.74.0/src/kpackage/private/packagejob_p.h
Examining data/kpackage-5.74.0/src/kpackage/private/packageloader_p.h
Examining data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp
Examining data/kpackage-5.74.0/src/kpackage/private/packagejob.cpp
Examining data/kpackage-5.74.0/src/kpackage/private/packages_p.h
Examining data/kpackage-5.74.0/src/kpackage/private/versionparser.cpp
Examining data/kpackage-5.74.0/src/kpackage/private/packagejobthread_p.h
Examining data/kpackage-5.74.0/src/kpackage/packageloader.cpp
FINAL RESULTS:
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:61:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:78:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:92:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:100:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:112:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:144:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:164:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:197:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly | QIODevice::Text));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:257:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(creator.open(QIODevice::WriteOnly));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:266:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(package.open(QIODevice::ReadOnly));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:301:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(creator.open(QIODevice::WriteOnly));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:339:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(creator.open(QIODevice::WriteOnly));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:348:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(package.open(QIODevice::ReadOnly));
data/kpackage-5.74.0/autotests/plasmoidpackagetest.cpp:382:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(creator2.open(QIODevice::WriteOnly));
data/kpackage-5.74.0/src/kpackage/package.cpp:254:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (archive && archive->open(QIODevice::ReadOnly)) {
data/kpackage-5.74.0/src/kpackage/package.cpp:637:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/kpackage-5.74.0/src/kpackage/package.cpp:943:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f.open(QIODevice::ReadOnly)) {
data/kpackage-5.74.0/src/kpackage/packageloader.cpp:221:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indexFile.open(QIODevice::ReadOnly);
data/kpackage-5.74.0/src/kpackage/packageloader.cpp:322:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indexFile.open(QIODevice::ReadOnly);
data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:136:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly)) {
data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:253:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!archive->open(QIODevice::ReadOnly)) {
data/kpackage-5.74.0/src/kpackage/private/packagejobthread.cpp:289:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QIODevice::ReadOnly)){
data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp:67:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
indexFile.open(QIODevice::ReadOnly);
data/kpackage-5.74.0/src/kpackagetool/kpackagetool.cpp:506:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outputFile->open(QFile::WriteOnly | QFile::Text)) {
data/kpackage-5.74.0/src/kpackage/package.cpp:639:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hash.addData(f.read(1024));
data/kpackage-5.74.0/src/kpackage/package.cpp:945:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
hash.addData(f.read(1024));
ANALYSIS SUMMARY:
Hits = 26
Lines analyzed = 5586 in approximately 0.68 seconds (8171 lines/second)
Physical Source Lines of Code (SLOC) = 3798
Hits@level = [0] 0 [1] 2 [2] 24 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 26 [1+] 26 [2+] 24 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 6.84571 [1+] 6.84571 [2+] 6.31912 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.