Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kpmcore-4.2.0/src/backend/corebackend.cpp Examining data/kpmcore-4.2.0/src/backend/corebackend.h Examining data/kpmcore-4.2.0/src/backend/corebackenddevice.cpp Examining data/kpmcore-4.2.0/src/backend/corebackenddevice.h Examining data/kpmcore-4.2.0/src/backend/corebackendmanager.cpp Examining data/kpmcore-4.2.0/src/backend/corebackendmanager.h Examining data/kpmcore-4.2.0/src/backend/corebackendpartitiontable.cpp Examining data/kpmcore-4.2.0/src/backend/corebackendpartitiontable.h Examining data/kpmcore-4.2.0/src/core/copysource.cpp Examining data/kpmcore-4.2.0/src/core/copysource.h Examining data/kpmcore-4.2.0/src/core/copysourcedevice.cpp Examining data/kpmcore-4.2.0/src/core/copysourcedevice.h Examining data/kpmcore-4.2.0/src/core/copysourcefile.cpp Examining data/kpmcore-4.2.0/src/core/copysourcefile.h Examining data/kpmcore-4.2.0/src/core/copysourceshred.cpp Examining data/kpmcore-4.2.0/src/core/copysourceshred.h Examining data/kpmcore-4.2.0/src/core/copytarget.cpp Examining data/kpmcore-4.2.0/src/core/copytarget.h Examining data/kpmcore-4.2.0/src/core/copytargetbytearray.cpp Examining data/kpmcore-4.2.0/src/core/copytargetbytearray.h Examining data/kpmcore-4.2.0/src/core/copytargetdevice.cpp Examining data/kpmcore-4.2.0/src/core/copytargetdevice.h Examining data/kpmcore-4.2.0/src/core/copytargetfile.cpp Examining data/kpmcore-4.2.0/src/core/copytargetfile.h Examining data/kpmcore-4.2.0/src/core/device.cpp Examining data/kpmcore-4.2.0/src/core/device.h Examining data/kpmcore-4.2.0/src/core/device_p.h Examining data/kpmcore-4.2.0/src/core/devicescanner.cpp Examining data/kpmcore-4.2.0/src/core/devicescanner.h Examining data/kpmcore-4.2.0/src/core/diskdevice.cpp Examining data/kpmcore-4.2.0/src/core/diskdevice.h Examining data/kpmcore-4.2.0/src/core/fstab.cpp Examining data/kpmcore-4.2.0/src/core/fstab.h Examining data/kpmcore-4.2.0/src/core/lvmdevice.cpp Examining data/kpmcore-4.2.0/src/core/lvmdevice.h Examining data/kpmcore-4.2.0/src/core/operationrunner.cpp Examining data/kpmcore-4.2.0/src/core/operationrunner.h Examining data/kpmcore-4.2.0/src/core/operationstack.cpp Examining data/kpmcore-4.2.0/src/core/operationstack.h Examining data/kpmcore-4.2.0/src/core/partition.cpp Examining data/kpmcore-4.2.0/src/core/partition.h Examining data/kpmcore-4.2.0/src/core/partitionalignment.cpp Examining data/kpmcore-4.2.0/src/core/partitionalignment.h Examining data/kpmcore-4.2.0/src/core/partitionnode.cpp Examining data/kpmcore-4.2.0/src/core/partitionnode.h Examining data/kpmcore-4.2.0/src/core/partitionrole.cpp Examining data/kpmcore-4.2.0/src/core/partitionrole.h Examining data/kpmcore-4.2.0/src/core/partitiontable.cpp Examining data/kpmcore-4.2.0/src/core/partitiontable.h Examining data/kpmcore-4.2.0/src/core/raid/softwareraid.cpp Examining data/kpmcore-4.2.0/src/core/raid/softwareraid.h Examining data/kpmcore-4.2.0/src/core/smartattribute.cpp Examining data/kpmcore-4.2.0/src/core/smartattribute.h Examining data/kpmcore-4.2.0/src/core/smartattributeparseddata.cpp Examining data/kpmcore-4.2.0/src/core/smartattributeparseddata.h Examining data/kpmcore-4.2.0/src/core/smartdiskinformation.cpp Examining data/kpmcore-4.2.0/src/core/smartdiskinformation.h Examining data/kpmcore-4.2.0/src/core/smartparser.cpp Examining data/kpmcore-4.2.0/src/core/smartparser.h Examining data/kpmcore-4.2.0/src/core/smartstatus.cpp Examining data/kpmcore-4.2.0/src/core/smartstatus.h Examining data/kpmcore-4.2.0/src/core/volumemanagerdevice.cpp Examining data/kpmcore-4.2.0/src/core/volumemanagerdevice.h Examining data/kpmcore-4.2.0/src/core/volumemanagerdevice_p.h Examining data/kpmcore-4.2.0/src/fs/apfs.cpp Examining data/kpmcore-4.2.0/src/fs/apfs.h Examining data/kpmcore-4.2.0/src/fs/bitlocker.cpp Examining data/kpmcore-4.2.0/src/fs/bitlocker.h Examining data/kpmcore-4.2.0/src/fs/btrfs.cpp Examining data/kpmcore-4.2.0/src/fs/btrfs.h Examining data/kpmcore-4.2.0/src/fs/exfat.cpp Examining data/kpmcore-4.2.0/src/fs/exfat.h Examining data/kpmcore-4.2.0/src/fs/ext2.cpp Examining data/kpmcore-4.2.0/src/fs/ext2.h Examining data/kpmcore-4.2.0/src/fs/ext3.cpp Examining data/kpmcore-4.2.0/src/fs/ext3.h Examining data/kpmcore-4.2.0/src/fs/ext4.cpp Examining data/kpmcore-4.2.0/src/fs/ext4.h Examining data/kpmcore-4.2.0/src/fs/extended.cpp Examining data/kpmcore-4.2.0/src/fs/extended.h Examining data/kpmcore-4.2.0/src/fs/f2fs.cpp Examining data/kpmcore-4.2.0/src/fs/f2fs.h Examining data/kpmcore-4.2.0/src/fs/fat12.cpp Examining data/kpmcore-4.2.0/src/fs/fat12.h Examining data/kpmcore-4.2.0/src/fs/fat16.cpp Examining data/kpmcore-4.2.0/src/fs/fat16.h Examining data/kpmcore-4.2.0/src/fs/fat32.cpp Examining data/kpmcore-4.2.0/src/fs/fat32.h Examining data/kpmcore-4.2.0/src/fs/filesystem.cpp Examining data/kpmcore-4.2.0/src/fs/filesystem.h Examining data/kpmcore-4.2.0/src/fs/filesystem_p.h Examining data/kpmcore-4.2.0/src/fs/filesystemfactory.cpp Examining data/kpmcore-4.2.0/src/fs/filesystemfactory.h Examining data/kpmcore-4.2.0/src/fs/hfs.cpp Examining data/kpmcore-4.2.0/src/fs/hfs.h Examining data/kpmcore-4.2.0/src/fs/hfsplus.cpp Examining data/kpmcore-4.2.0/src/fs/hfsplus.h Examining data/kpmcore-4.2.0/src/fs/hpfs.cpp Examining data/kpmcore-4.2.0/src/fs/hpfs.h Examining data/kpmcore-4.2.0/src/fs/iso9660.cpp Examining data/kpmcore-4.2.0/src/fs/iso9660.h Examining data/kpmcore-4.2.0/src/fs/jfs.cpp Examining data/kpmcore-4.2.0/src/fs/jfs.h Examining data/kpmcore-4.2.0/src/fs/linuxraidmember.cpp Examining data/kpmcore-4.2.0/src/fs/linuxraidmember.h Examining data/kpmcore-4.2.0/src/fs/linuxswap.cpp Examining data/kpmcore-4.2.0/src/fs/linuxswap.h Examining data/kpmcore-4.2.0/src/fs/luks.cpp Examining data/kpmcore-4.2.0/src/fs/luks.h Examining data/kpmcore-4.2.0/src/fs/luks2.cpp Examining data/kpmcore-4.2.0/src/fs/luks2.h Examining data/kpmcore-4.2.0/src/fs/lvm2_pv.cpp Examining data/kpmcore-4.2.0/src/fs/lvm2_pv.h Examining data/kpmcore-4.2.0/src/fs/minix.cpp Examining data/kpmcore-4.2.0/src/fs/minix.h Examining data/kpmcore-4.2.0/src/fs/nilfs2.cpp Examining data/kpmcore-4.2.0/src/fs/nilfs2.h Examining data/kpmcore-4.2.0/src/fs/ntfs.cpp Examining data/kpmcore-4.2.0/src/fs/ntfs.h Examining data/kpmcore-4.2.0/src/fs/ocfs2.cpp Examining data/kpmcore-4.2.0/src/fs/ocfs2.h Examining data/kpmcore-4.2.0/src/fs/reiser4.cpp Examining data/kpmcore-4.2.0/src/fs/reiser4.h Examining data/kpmcore-4.2.0/src/fs/reiserfs.cpp Examining data/kpmcore-4.2.0/src/fs/reiserfs.h Examining data/kpmcore-4.2.0/src/fs/udf.cpp Examining data/kpmcore-4.2.0/src/fs/udf.h Examining data/kpmcore-4.2.0/src/fs/ufs.cpp Examining data/kpmcore-4.2.0/src/fs/ufs.h Examining data/kpmcore-4.2.0/src/fs/unformatted.cpp Examining data/kpmcore-4.2.0/src/fs/unformatted.h Examining data/kpmcore-4.2.0/src/fs/unknown.cpp Examining data/kpmcore-4.2.0/src/fs/unknown.h Examining data/kpmcore-4.2.0/src/fs/xfs.cpp Examining data/kpmcore-4.2.0/src/fs/xfs.h Examining data/kpmcore-4.2.0/src/fs/zfs.cpp Examining data/kpmcore-4.2.0/src/fs/zfs.h Examining data/kpmcore-4.2.0/src/gui/partresizerwidget.cpp Examining data/kpmcore-4.2.0/src/gui/partresizerwidget.h Examining data/kpmcore-4.2.0/src/gui/partwidget.cpp Examining data/kpmcore-4.2.0/src/gui/partwidget.h Examining data/kpmcore-4.2.0/src/gui/partwidgetbase.cpp Examining data/kpmcore-4.2.0/src/gui/partwidgetbase.h Examining data/kpmcore-4.2.0/src/jobs/backupfilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/backupfilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/checkfilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/checkfilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/copyfilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/copyfilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/createfilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/createfilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/createpartitionjob.cpp Examining data/kpmcore-4.2.0/src/jobs/createpartitionjob.h Examining data/kpmcore-4.2.0/src/jobs/createpartitiontablejob.cpp Examining data/kpmcore-4.2.0/src/jobs/createpartitiontablejob.h Examining data/kpmcore-4.2.0/src/jobs/createvolumegroupjob.cpp Examining data/kpmcore-4.2.0/src/jobs/createvolumegroupjob.h Examining data/kpmcore-4.2.0/src/jobs/deactivatelogicalvolumejob.cpp Examining data/kpmcore-4.2.0/src/jobs/deactivatelogicalvolumejob.h Examining data/kpmcore-4.2.0/src/jobs/deactivatevolumegroupjob.cpp Examining data/kpmcore-4.2.0/src/jobs/deactivatevolumegroupjob.h Examining data/kpmcore-4.2.0/src/jobs/deletefilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/deletefilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/deletepartitionjob.cpp Examining data/kpmcore-4.2.0/src/jobs/deletepartitionjob.h Examining data/kpmcore-4.2.0/src/jobs/job.cpp Examining data/kpmcore-4.2.0/src/jobs/job.h Examining data/kpmcore-4.2.0/src/jobs/movefilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/movefilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/movephysicalvolumejob.cpp Examining data/kpmcore-4.2.0/src/jobs/movephysicalvolumejob.h Examining data/kpmcore-4.2.0/src/jobs/removevolumegroupjob.cpp Examining data/kpmcore-4.2.0/src/jobs/removevolumegroupjob.h Examining data/kpmcore-4.2.0/src/jobs/resizefilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/resizefilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/resizevolumegroupjob.cpp Examining data/kpmcore-4.2.0/src/jobs/resizevolumegroupjob.h Examining data/kpmcore-4.2.0/src/jobs/restorefilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/restorefilesystemjob.h Examining data/kpmcore-4.2.0/src/jobs/setfilesystemlabeljob.cpp Examining data/kpmcore-4.2.0/src/jobs/setfilesystemlabeljob.h Examining data/kpmcore-4.2.0/src/jobs/setpartflagsjob.cpp Examining data/kpmcore-4.2.0/src/jobs/setpartflagsjob.h Examining data/kpmcore-4.2.0/src/jobs/setpartgeometryjob.cpp Examining data/kpmcore-4.2.0/src/jobs/setpartgeometryjob.h Examining data/kpmcore-4.2.0/src/jobs/setpartitionattributesjob.cpp Examining data/kpmcore-4.2.0/src/jobs/setpartitionattributesjob.h Examining data/kpmcore-4.2.0/src/jobs/setpartitionlabeljob.cpp Examining data/kpmcore-4.2.0/src/jobs/setpartitionlabeljob.h Examining data/kpmcore-4.2.0/src/jobs/setpartitionuuidjob.cpp Examining data/kpmcore-4.2.0/src/jobs/setpartitionuuidjob.h Examining data/kpmcore-4.2.0/src/jobs/shredfilesystemjob.cpp Examining data/kpmcore-4.2.0/src/jobs/shredfilesystemjob.h Examining data/kpmcore-4.2.0/src/ops/backupoperation.cpp Examining data/kpmcore-4.2.0/src/ops/backupoperation.h Examining data/kpmcore-4.2.0/src/ops/checkoperation.cpp Examining data/kpmcore-4.2.0/src/ops/checkoperation.h Examining data/kpmcore-4.2.0/src/ops/copyoperation.cpp Examining data/kpmcore-4.2.0/src/ops/copyoperation.h Examining data/kpmcore-4.2.0/src/ops/createfilesystemoperation.cpp Examining data/kpmcore-4.2.0/src/ops/createfilesystemoperation.h Examining data/kpmcore-4.2.0/src/ops/createpartitiontableoperation.cpp Examining data/kpmcore-4.2.0/src/ops/createpartitiontableoperation.h Examining data/kpmcore-4.2.0/src/ops/createvolumegroupoperation.cpp Examining data/kpmcore-4.2.0/src/ops/createvolumegroupoperation.h Examining data/kpmcore-4.2.0/src/ops/deactivatevolumegroupoperation.cpp Examining data/kpmcore-4.2.0/src/ops/deactivatevolumegroupoperation.h Examining data/kpmcore-4.2.0/src/ops/deleteoperation.cpp Examining data/kpmcore-4.2.0/src/ops/deleteoperation.h Examining data/kpmcore-4.2.0/src/ops/newoperation.cpp Examining data/kpmcore-4.2.0/src/ops/newoperation.h Examining data/kpmcore-4.2.0/src/ops/operation.cpp Examining data/kpmcore-4.2.0/src/ops/operation.h Examining data/kpmcore-4.2.0/src/ops/operation_p.h Examining data/kpmcore-4.2.0/src/ops/removevolumegroupoperation.cpp Examining data/kpmcore-4.2.0/src/ops/removevolumegroupoperation.h Examining data/kpmcore-4.2.0/src/ops/resizeoperation.cpp Examining data/kpmcore-4.2.0/src/ops/resizeoperation.h Examining data/kpmcore-4.2.0/src/ops/resizevolumegroupoperation.cpp Examining data/kpmcore-4.2.0/src/ops/resizevolumegroupoperation.h Examining data/kpmcore-4.2.0/src/ops/restoreoperation.cpp Examining data/kpmcore-4.2.0/src/ops/restoreoperation.h Examining data/kpmcore-4.2.0/src/ops/setfilesystemlabeloperation.cpp Examining data/kpmcore-4.2.0/src/ops/setfilesystemlabeloperation.h Examining data/kpmcore-4.2.0/src/ops/setpartflagsoperation.cpp Examining data/kpmcore-4.2.0/src/ops/setpartflagsoperation.h Examining data/kpmcore-4.2.0/src/plugins/dummy/dummybackend.cpp Examining data/kpmcore-4.2.0/src/plugins/dummy/dummybackend.h Examining data/kpmcore-4.2.0/src/plugins/dummy/dummydevice.cpp Examining data/kpmcore-4.2.0/src/plugins/dummy/dummydevice.h Examining data/kpmcore-4.2.0/src/plugins/dummy/dummypartitiontable.cpp Examining data/kpmcore-4.2.0/src/plugins/dummy/dummypartitiontable.h Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskbackend.cpp Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskbackend.h Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskdevice.cpp Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskdevice.h Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskgptattributes.cpp Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskgptattributes.h Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskpartitiontable.cpp Examining data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskpartitiontable.h Examining data/kpmcore-4.2.0/src/util/capacity.cpp Examining data/kpmcore-4.2.0/src/util/capacity.h Examining data/kpmcore-4.2.0/src/util/externalcommand.cpp Examining data/kpmcore-4.2.0/src/util/externalcommand.h Examining data/kpmcore-4.2.0/src/util/externalcommand_whitelist.h Examining data/kpmcore-4.2.0/src/util/externalcommandhelper.cpp Examining data/kpmcore-4.2.0/src/util/externalcommandhelper.h Examining data/kpmcore-4.2.0/src/util/globallog.cpp Examining data/kpmcore-4.2.0/src/util/globallog.h Examining data/kpmcore-4.2.0/src/util/helpers.cpp Examining data/kpmcore-4.2.0/src/util/helpers.h Examining data/kpmcore-4.2.0/src/util/htmlreport.cpp Examining data/kpmcore-4.2.0/src/util/htmlreport.h Examining data/kpmcore-4.2.0/src/util/libpartitionmanagerexport.h Examining data/kpmcore-4.2.0/src/util/report.cpp Examining data/kpmcore-4.2.0/src/util/report.h Examining data/kpmcore-4.2.0/test/helpers.cpp Examining data/kpmcore-4.2.0/test/helpers.h Examining data/kpmcore-4.2.0/test/testdevice.cpp Examining data/kpmcore-4.2.0/test/testdevice.h Examining data/kpmcore-4.2.0/test/testdevicescanner.cpp Examining data/kpmcore-4.2.0/test/testexternalcommand.cpp Examining data/kpmcore-4.2.0/test/testinit.cpp Examining data/kpmcore-4.2.0/test/testlist.cpp FINAL RESULTS: data/kpmcore-4.2.0/src/backend/corebackenddevice.h:59:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/kpmcore-4.2.0/src/backend/corebackendpartitiontable.h:37:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/kpmcore-4.2.0/src/core/copysource.h:35:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/kpmcore-4.2.0/src/core/copysourcedevice.cpp:37:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CopySourceDevice::open() data/kpmcore-4.2.0/src/core/copysourcedevice.h:40:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/core/copysourcefile.cpp:25:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CopySourceFile::open() data/kpmcore-4.2.0/src/core/copysourcefile.cpp:27:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return file().open(QIODevice::ReadOnly); data/kpmcore-4.2.0/src/core/copysourcefile.h:32:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/core/copysourceshred.cpp:24:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CopySourceShred::open() data/kpmcore-4.2.0/src/core/copysourceshred.cpp:26:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return sourceFile().open(QIODevice::ReadOnly); data/kpmcore-4.2.0/src/core/copysourceshred.h:32:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/core/copytarget.h:34:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual bool open() = 0; data/kpmcore-4.2.0/src/core/copytargetbytearray.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override { data/kpmcore-4.2.0/src/core/copytargetdevice.cpp:35:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CopyTargetDevice::open() data/kpmcore-4.2.0/src/core/copytargetdevice.h:41:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/core/copytargetfile.cpp:22:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool CopyTargetFile::open() data/kpmcore-4.2.0/src/core/copytargetfile.cpp:24:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return file().open(QIODevice::WriteOnly | QIODevice::Truncate); data/kpmcore-4.2.0/src/core/copytargetfile.h:32:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/core/diskdevice.cpp:57:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(device_node.toLocal8Bit().constData(), O_RDONLY); data/kpmcore-4.2.0/src/core/diskdevice.cpp:70:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open(QIODevice::ReadOnly)) { data/kpmcore-4.2.0/src/core/fstab.cpp:63:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( fstabFile.open( QIODevice::ReadOnly | QIODevice::Text ) ) data/kpmcore-4.2.0/src/core/raid/softwareraid.cpp:177:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (mdstat.open(QIODevice::ReadOnly)) { data/kpmcore-4.2.0/src/core/raid/softwareraid.cpp:420:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!mdstat.open(QIODevice::ReadOnly)) data/kpmcore-4.2.0/src/core/raid/softwareraid.cpp:467:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!config.open(QIODevice::ReadOnly)) data/kpmcore-4.2.0/src/fs/fat32.cpp:47:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[4]; data/kpmcore-4.2.0/src/fs/linuxswap.cpp:178:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (swapsFile.open(QIODevice::ReadOnly)) { data/kpmcore-4.2.0/src/jobs/backupfilesystemjob.cpp:53:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!copySource.open()) data/kpmcore-4.2.0/src/jobs/backupfilesystemjob.cpp:55:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!copyTarget.open()) data/kpmcore-4.2.0/src/jobs/copyfilesystemjob.cpp:55:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!copySource.open()) data/kpmcore-4.2.0/src/jobs/copyfilesystemjob.cpp:57:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!copyTarget.open()) data/kpmcore-4.2.0/src/jobs/job.cpp:73:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!undoSource.open()) { data/kpmcore-4.2.0/src/jobs/job.cpp:79:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!undoTarget.open()) { data/kpmcore-4.2.0/src/jobs/movefilesystemjob.cpp:51:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!moveSource.open()) data/kpmcore-4.2.0/src/jobs/movefilesystemjob.cpp:53:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!moveTarget.open()) data/kpmcore-4.2.0/src/jobs/restorefilesystemjob.cpp:61:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!copySource.open()) data/kpmcore-4.2.0/src/jobs/restorefilesystemjob.cpp:63:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!copyTarget.open()) data/kpmcore-4.2.0/src/jobs/shredfilesystemjob.cpp:60:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!copySource.open()) data/kpmcore-4.2.0/src/jobs/shredfilesystemjob.cpp:62:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). else if (!copyTarget.open()) data/kpmcore-4.2.0/src/plugins/dummy/dummybackend.cpp:95:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!device->open()) data/kpmcore-4.2.0/src/plugins/dummy/dummydevice.cpp:26:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DummyDevice::open() data/kpmcore-4.2.0/src/plugins/dummy/dummydevice.h:30:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/plugins/dummy/dummypartitiontable.cpp:28:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool DummyPartitionTable::open() data/kpmcore-4.2.0/src/plugins/dummy/dummypartitiontable.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskbackend.cpp:97:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (f.open(QIODevice::ReadOnly)) data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskbackend.cpp:202:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (mdstat.open(QIODevice::ReadOnly)) { data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskbackend.cpp:642:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!device->open()) data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskdevice.cpp:26:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SfdiskDevice::open() data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskdevice.h:30:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskpartitiontable.cpp:41:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool SfdiskPartitionTable::open() data/kpmcore-4.2.0/src/plugins/sfdisk/sfdiskpartitiontable.h:29:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open() override; data/kpmcore-4.2.0/src/util/externalcommandhelper.cpp:76:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!device.open(QIODevice::ReadOnly | QIODevice::Unbuffered)) { data/kpmcore-4.2.0/src/util/externalcommandhelper.cpp:107:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!device.open(flags)) { data/kpmcore-4.2.0/src/util/externalcommandhelper.cpp:142:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!device.open(flags)) { data/kpmcore-4.2.0/src/util/externalcommandhelper.cpp:86:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer = device.read(size); ANALYSIS SUMMARY: Hits = 54 Lines analyzed = 29843 in approximately 1.01 seconds (29422 lines/second) Physical Source Lines of Code (SLOC) = 20027 Hits@level = [0] 0 [1] 1 [2] 53 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 54 [1+] 54 [2+] 53 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 2.69636 [1+] 2.69636 [2+] 2.64643 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.