Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ksyntax-highlighting-5.74.0/autotests/repository_benchmark.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/highlight_lpc.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/test.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/highlight.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/test-numbers-bug423680.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/themes/showcase.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/htmlhighlighter_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/theme_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/syntaxrepository_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/wildcardmatcher_test.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/main.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.h
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/main.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.h
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/minimal/main.cpp
Examining data/ksyntax-highlighting-5.74.0/src/cli/kate-syntax-highlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/matchresult_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/rule_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/keywordlist.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/format_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitionref_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/rule.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/worddelimiters.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/worddelimiters_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/state.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/foldingregion.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/format.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/theme.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/themedata_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/foldingregion.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/context_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/wildcardmatcher_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/syntaxhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/state_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/wildcardmatcher.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/context.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/contextswitch.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/state.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/xml_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/theme.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/syntaxhighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/keywordlist_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/textstyledata_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/format.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/contextswitch_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/themedata.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository_p.h
Examining data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp
FINAL RESULTS:
data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:32:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:40:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:161:59: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp:31:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp:96:59: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/htmlhighlighter_test.cpp:65:59: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/syntaxrepository_test.cpp:476:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open(QIODevice::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:32:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:40:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:97:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(coveredList.open(QFile::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:98:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(uncoveredList.open(QFile::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:152:59: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/theme_test.cpp:211:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(loadFile.open(QIODevice::ReadOnly));
data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.cpp:89:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.cpp:41:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/examples/minimal/main.cpp:31:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QIODevice::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/cli/kate-syntax-highlighter.cpp:131:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inFile.open(stdin, QIODevice::ReadOnly);
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:30:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:644:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!hlFile.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:768:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QIODevice::WriteOnly | QIODevice::Truncate))
data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp:360:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp:422:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.cpp:123:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly)) {
data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp:42:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!d->file->open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp:60:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/lib/repository.cpp:209:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!indexFile.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/themedata.cpp:85:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!loadFile.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c:19:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
out.write(inA.read() || inB.read());
data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c:19:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
out.write(inA.read() || inB.read());
ANALYSIS SUMMARY:
Hits = 29
Lines analyzed = 11649 in approximately 0.78 seconds (15001 lines/second)
Physical Source Lines of Code (SLOC) = 7769
Hits@level = [0] 0 [1] 2 [2] 27 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 29 [1+] 29 [2+] 27 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.73278 [1+] 3.73278 [2+] 3.47535 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.