Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ksyntax-highlighting-5.74.0/autotests/repository_benchmark.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/highlight_lpc.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/test.c
Examining data/ksyntax-highlighting-5.74.0/autotests/input/highlight.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/test-numbers-bug423680.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/input/themes/showcase.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/htmlhighlighter_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/theme_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/syntaxrepository_test.cpp
Examining data/ksyntax-highlighting-5.74.0/autotests/wildcardmatcher_test.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/main.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.h
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/main.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.h
Examining data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.cpp
Examining data/ksyntax-highlighting-5.74.0/examples/minimal/main.cpp
Examining data/ksyntax-highlighting-5.74.0/src/cli/kate-syntax-highlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/matchresult_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/rule_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/keywordlist.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/format_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitionref_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/rule.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/worddelimiters.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/worddelimiters_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/state.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/foldingregion.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/format.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/theme.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/themedata_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/foldingregion.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definition.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/context_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/wildcardmatcher_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/syntaxhighlighter.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/state_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/wildcardmatcher.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/context.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/contextswitch.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/state.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/xml_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/theme.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/syntaxhighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/keywordlist_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/textstyledata_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/format.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/contextswitch_p.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/abstracthighlighter.h
Examining data/ksyntax-highlighting-5.74.0/src/lib/themedata.cpp
Examining data/ksyntax-highlighting-5.74.0/src/lib/repository_p.h
Examining data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp

FINAL RESULTS:

data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:32:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!outFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:40:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/foldingtest.cpp:161:59: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp:31:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/highlighter_benchmark.cpp:96:59: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/htmlhighlighter_test.cpp:65:59: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/syntaxrepository_test.cpp:476:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QVERIFY(file.open(QIODevice::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:32:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!outFile.open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:40:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:97:29: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QVERIFY(coveredList.open(QFile::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:98:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QVERIFY(uncoveredList.open(QFile::WriteOnly));
data/ksyntax-highlighting-5.74.0/autotests/testhighlighter.cpp:152:59: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (syntaxOverride.exists() && syntaxOverride.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/autotests/theme_test.cpp:211:26: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QVERIFY(loadFile.open(QIODevice::ReadOnly));
data/ksyntax-highlighting-5.74.0/examples/codeeditor/codeeditor.cpp:89:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/examples/codepdfprinter/codepdfprinter.cpp:41:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/examples/minimal/main.cpp:31:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QIODevice::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/cli/kate-syntax-highlighter.cpp:131:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    inFile.open(stdin, QIODevice::ReadOnly);
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:30:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:644:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!hlFile.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/indexer/katehighlightingindexer.cpp:768:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!outFile.open(QIODevice::WriteOnly | QIODevice::Truncate))
data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp:360:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/definition.cpp:422:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/definitiondownloader.cpp:123:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!file.open(QFile::WriteOnly)) {
data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp:42:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!d->file->open(QFile::WriteOnly | QFile::Truncate)) {
data/ksyntax-highlighting-5.74.0/src/lib/htmlhighlighter.cpp:60:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!f.open(QFile::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/src/lib/repository.cpp:209:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!indexFile.open(QFile::ReadOnly))
data/ksyntax-highlighting-5.74.0/src/lib/themedata.cpp:85:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!loadFile.open(QIODevice::ReadOnly)) {
data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c:19:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    out.write(inA.read() || inB.read());
data/ksyntax-highlighting-5.74.0/autotests/input/systemc.c:19:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    out.write(inA.read() || inB.read());

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 11649 in approximately 0.78 seconds (15001 lines/second)
Physical Source Lines of Code (SLOC) = 7769
Hits@level = [0] 0 [1] 2 [2] 27 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 29 [1+] 29 [2+] 27 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.73278 [1+] 3.73278 [2+] 3.47535 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.