Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ksudoku-20.04.2/src/ksudoku_types.h
Examining data/ksudoku-20.04.2/src/shapes/shapegen2.c
Examining data/ksudoku-20.04.2/src/logic/skgraph.cpp
Examining data/ksudoku-20.04.2/src/logic/puzzle.h
Examining data/ksudoku-20.04.2/src/logic/puzzle.cpp
Examining data/ksudoku-20.04.2/src/logic/skgraph.h
Examining data/ksudoku-20.04.2/src/main.cpp
Examining data/ksudoku-20.04.2/src/gui/serializer.cpp
Examining data/ksudoku-20.04.2/src/gui/ksudoku.cpp
Examining data/ksudoku-20.04.2/src/gui/gamevariants.cpp
Examining data/ksudoku-20.04.2/src/gui/symbols.cpp
Examining data/ksudoku-20.04.2/src/gui/ksudokugame.h
Examining data/ksudoku-20.04.2/src/gui/welcomescreen.cpp
Examining data/ksudoku-20.04.2/src/gui/ksudoku.h
Examining data/ksudoku-20.04.2/src/gui/puzzleprinter.cpp
Examining data/ksudoku-20.04.2/src/gui/history.h
Examining data/ksudoku-20.04.2/src/gui/puzzleprinter.h
Examining data/ksudoku-20.04.2/src/gui/welcomescreen.h
Examining data/ksudoku-20.04.2/src/gui/ksudokugame.cpp
Examining data/ksudoku-20.04.2/src/gui/config.h
Examining data/ksudoku-20.04.2/src/gui/gamevariants.h
Examining data/ksudoku-20.04.2/src/gui/ksudoku_client.cpp
Examining data/ksudoku-20.04.2/src/gui/views/ksview.h
Examining data/ksudoku-20.04.2/src/gui/views/valuelistwidget.h
Examining data/ksudoku-20.04.2/src/gui/views/gameactions.cpp
Examining data/ksudoku-20.04.2/src/gui/views/ArcBall.cpp
Examining data/ksudoku-20.04.2/src/gui/views/valuelistwidget.cpp
Examining data/ksudoku-20.04.2/src/gui/views/roxdokuview.cpp
Examining data/ksudoku-20.04.2/src/gui/views/ksview.cpp
Examining data/ksudoku-20.04.2/src/gui/views/view2d.h
Examining data/ksudoku-20.04.2/src/gui/views/view2d.cpp
Examining data/ksudoku-20.04.2/src/gui/views/ArcBall.h
Examining data/ksudoku-20.04.2/src/gui/views/gameactions.h
Examining data/ksudoku-20.04.2/src/gui/views/renderer.h
Examining data/ksudoku-20.04.2/src/gui/views/roxdokuview.h
Examining data/ksudoku-20.04.2/src/gui/views/renderer.cpp
Examining data/ksudoku-20.04.2/src/gui/serializer.h
Examining data/ksudoku-20.04.2/src/gui/symbols.h
Examining data/ksudoku-20.04.2/src/gui/config.cpp
Examining data/ksudoku-20.04.2/src/gui/history.cpp
Examining data/ksudoku-20.04.2/src/globals.h
Examining data/ksudoku-20.04.2/src/generator/mathdokugenerator.h
Examining data/ksudoku-20.04.2/src/generator/cagegenerator.h
Examining data/ksudoku-20.04.2/src/generator/state.cpp
Examining data/ksudoku-20.04.2/src/generator/cagegenerator.cpp
Examining data/ksudoku-20.04.2/src/generator/dlxsolver.h
Examining data/ksudoku-20.04.2/src/generator/debug.h
Parsing failed to find end of parameter list in (
#define dbo1 if(dbgLevel>=1)printf(
#define dbo2 if(dbgLevel>=2)printf(
#define dbo3 if(dbgLevel>=3)printf(
#endif
Parsing failed to find end of parameter list in (
#define dbo2 if(dbgLevel>=2)printf(
#define dbo3 if(dbgLevel>=3)printf(
#endif
Parsing failed to find end of parameter list in (
#define dbo3 if(dbgLevel>=3)printf(
#endif
Parsing failed to find end of parameter list in (
#endif
Examining data/ksudoku-20.04.2/src/generator/dlxsolver.cpp
Examining data/ksudoku-20.04.2/src/generator/sudokuboard.h
Examining data/ksudoku-20.04.2/src/generator/sudokuboard.cpp
Examining data/ksudoku-20.04.2/src/generator/mathdokugenerator.cpp
Examining data/ksudoku-20.04.2/src/generator/state.h

FINAL RESULTS:

data/ksudoku-20.04.2/src/generator/debug.h:23:14: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define dbo printf(
data/ksudoku-20.04.2/src/generator/debug.h:24:29: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define dbo1 if(dbgLevel>=1)printf(
data/ksudoku-20.04.2/src/generator/debug.h:25:29: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define dbo2 if(dbgLevel>=2)printf(
data/ksudoku-20.04.2/src/generator/debug.h:26:29: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define dbo3 if(dbgLevel>=3)printf(
data/ksudoku-20.04.2/src/gui/ksudoku.cpp:903:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
if ( !archive.open( QIODevice::ReadOnly ) )
data/ksudoku-20.04.2/src/gui/serializer.cpp:418:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
if ( !file.open(QIODevice::ReadOnly) ) {
data/ksudoku-20.04.2/src/gui/serializer.cpp:695:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
if ( !file.open() ) {

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 13310 in approximately 1.30 seconds (10214 lines/second)
Physical Source Lines of Code (SLOC) = 8709
Hits@level = [0] 44 [1] 0 [2] 3 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 51 [1+] 7 [2+] 7 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 5.85601 [1+] 0.803766 [2+] 0.803766 [3+] 0.459295 [4+] 0.459295 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.