Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ktikz-0.12+ds1/app/aboutdialog.cpp
Examining data/ktikz-0.12+ds1/app/aboutdialog.h
Examining data/ktikz-0.12+ds1/app/assistantcontroller.cpp
Examining data/ktikz-0.12+ds1/app/assistantcontroller.h
Examining data/ktikz-0.12+ds1/app/configappearancewidget.cpp
Examining data/ktikz-0.12+ds1/app/configappearancewidget.h
Examining data/ktikz-0.12+ds1/app/configdialog.cpp
Examining data/ktikz-0.12+ds1/app/configdialog.h
Examining data/ktikz-0.12+ds1/app/configeditorwidget.cpp
Examining data/ktikz-0.12+ds1/app/configeditorwidget.h
Examining data/ktikz-0.12+ds1/app/configgeneralwidget.cpp
Examining data/ktikz-0.12+ds1/app/configgeneralwidget.h
Examining data/ktikz-0.12+ds1/app/configpreviewwidget.cpp
Examining data/ktikz-0.12+ds1/app/configpreviewwidget.h
Examining data/ktikz-0.12+ds1/app/editgotolinewidget.cpp
Examining data/ktikz-0.12+ds1/app/editgotolinewidget.h
Examining data/ktikz-0.12+ds1/app/editindentwidget.cpp
Examining data/ktikz-0.12+ds1/app/editindentwidget.h
Examining data/ktikz-0.12+ds1/app/editreplacecurrentwidget.cpp
Examining data/ktikz-0.12+ds1/app/editreplacecurrentwidget.h
Examining data/ktikz-0.12+ds1/app/editreplacewidget.cpp
Examining data/ktikz-0.12+ds1/app/editreplacewidget.h
Examining data/ktikz-0.12+ds1/app/ktikzapplication.cpp
Examining data/ktikz-0.12+ds1/app/ktikzapplication.h
Examining data/ktikz-0.12+ds1/app/linenumberwidget.cpp
Examining data/ktikz-0.12+ds1/app/linenumberwidget.h
Examining data/ktikz-0.12+ds1/app/loghighlighter.cpp
Examining data/ktikz-0.12+ds1/app/loghighlighter.h
Examining data/ktikz-0.12+ds1/app/logtextedit.cpp
Examining data/ktikz-0.12+ds1/app/logtextedit.h
Examining data/ktikz-0.12+ds1/app/main.cpp
Examining data/ktikz-0.12+ds1/app/mainwindow.cpp
Examining data/ktikz-0.12+ds1/app/mainwindow.h
Examining data/ktikz-0.12+ds1/app/tikzcommandinserter.cpp
Examining data/ktikz-0.12+ds1/app/tikzcommandinserter.h
Examining data/ktikz-0.12+ds1/app/tikzcommandwidget.cpp
Examining data/ktikz-0.12+ds1/app/tikzcommandwidget.h
Examining data/ktikz-0.12+ds1/app/tikzdocumentationcontroller.cpp
Examining data/ktikz-0.12+ds1/app/tikzdocumentationcontroller.h
Examining data/ktikz-0.12+ds1/app/tikzeditor.h
Examining data/ktikz-0.12+ds1/app/tikzeditorhighlighter.cpp
Examining data/ktikz-0.12+ds1/app/tikzeditorhighlighter.h
Examining data/ktikz-0.12+ds1/app/tikzeditorview.cpp
Examining data/ktikz-0.12+ds1/app/tikzeditorview.h
Examining data/ktikz-0.12+ds1/app/usercommandeditdialog.cpp
Examining data/ktikz-0.12+ds1/app/usercommandeditdialog.h
Examining data/ktikz-0.12+ds1/app/usercommandinserter.cpp
Examining data/ktikz-0.12+ds1/app/usercommandinserter.h
Examining data/ktikz-0.12+ds1/app/tikzeditor.cpp
Examining data/ktikz-0.12+ds1/common/mainwidget.h
Examining data/ktikz-0.12+ds1/common/templatewidget.cpp
Examining data/ktikz-0.12+ds1/common/templatewidget.h
Examining data/ktikz-0.12+ds1/common/textcodecprofile.h
Examining data/ktikz-0.12+ds1/common/tikzpreview.cpp
Examining data/ktikz-0.12+ds1/common/tikzpreview.h
Examining data/ktikz-0.12+ds1/common/tikzpreviewcontroller.cpp
Examining data/ktikz-0.12+ds1/common/tikzpreviewcontroller.h
Examining data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp
Examining data/ktikz-0.12+ds1/common/tikzpreviewgenerator.h
Examining data/ktikz-0.12+ds1/common/tikzpreviewmessagewidget.cpp
Examining data/ktikz-0.12+ds1/common/tikzpreviewmessagewidget.h
Examining data/ktikz-0.12+ds1/common/tikzpreviewrenderer.cpp
Examining data/ktikz-0.12+ds1/common/tikzpreviewrenderer.h
Examining data/ktikz-0.12+ds1/common/utils/action.cpp
Examining data/ktikz-0.12+ds1/common/utils/action.h
Examining data/ktikz-0.12+ds1/common/utils/colorbutton.cpp
Examining data/ktikz-0.12+ds1/common/utils/colorbutton.h
Examining data/ktikz-0.12+ds1/common/utils/colordialog.h
Examining data/ktikz-0.12+ds1/common/utils/combobox.cpp
Examining data/ktikz-0.12+ds1/common/utils/combobox.h
Examining data/ktikz-0.12+ds1/common/utils/file.cpp
Examining data/ktikz-0.12+ds1/common/utils/file.h
Examining data/ktikz-0.12+ds1/common/utils/filedialog.cpp
Examining data/ktikz-0.12+ds1/common/utils/filedialog.h
Examining data/ktikz-0.12+ds1/common/utils/fontdialog.h
Examining data/ktikz-0.12+ds1/common/utils/globallocale.cpp
Examining data/ktikz-0.12+ds1/common/utils/globallocale.h
Examining data/ktikz-0.12+ds1/common/utils/icon.h
Examining data/ktikz-0.12+ds1/common/utils/lineedit.cpp
Examining data/ktikz-0.12+ds1/common/utils/lineedit.h
Examining data/ktikz-0.12+ds1/common/utils/messagebox.cpp
Examining data/ktikz-0.12+ds1/common/utils/messagebox.h
Examining data/ktikz-0.12+ds1/common/utils/pagedialog.cpp
Examining data/ktikz-0.12+ds1/common/utils/pagedialog.h
Examining data/ktikz-0.12+ds1/common/utils/printpreviewdialog.cpp
Examining data/ktikz-0.12+ds1/common/utils/printpreviewdialog.h
Examining data/ktikz-0.12+ds1/common/utils/recentfilesaction.cpp
Examining data/ktikz-0.12+ds1/common/utils/recentfilesaction.h
Examining data/ktikz-0.12+ds1/common/utils/selectaction.cpp
Examining data/ktikz-0.12+ds1/common/utils/selectaction.h
Examining data/ktikz-0.12+ds1/common/utils/standardaction.cpp
Examining data/ktikz-0.12+ds1/common/utils/standardaction.h
Examining data/ktikz-0.12+ds1/common/utils/tempdir.cpp
Examining data/ktikz-0.12+ds1/common/utils/tempdir.h
Examining data/ktikz-0.12+ds1/common/utils/toggleaction.cpp
Examining data/ktikz-0.12+ds1/common/utils/toggleaction.h
Examining data/ktikz-0.12+ds1/common/utils/toolbar.cpp
Examining data/ktikz-0.12+ds1/common/utils/toolbar.h
Examining data/ktikz-0.12+ds1/common/utils/url.cpp
Examining data/ktikz-0.12+ds1/common/utils/url.h
Examining data/ktikz-0.12+ds1/common/utils/urlcompletion.h
Examining data/ktikz-0.12+ds1/common/utils/zoomaction.cpp
Examining data/ktikz-0.12+ds1/common/utils/zoomaction.h
Examining data/ktikz-0.12+ds1/part/browserextension.cpp
Examining data/ktikz-0.12+ds1/part/browserextension.h
Examining data/ktikz-0.12+ds1/part/configdialog.cpp
Examining data/ktikz-0.12+ds1/part/configdialog.h
Examining data/ktikz-0.12+ds1/part/configgeneralwidget.cpp
Examining data/ktikz-0.12+ds1/part/configgeneralwidget.h
Examining data/ktikz-0.12+ds1/part/part.cpp
Examining data/ktikz-0.12+ds1/part/part.h

FINAL RESULTS:

data/ktikz-0.12+ds1/app/main.cpp:105:42: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const QString locale = QString(QLocale::system().name());
data/ktikz-0.12+ds1/app/mainwindow.cpp:1100:94: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  m_mouseCoordinatesLabel->setText(tr("Preview: x = %1\ty = %2", "@info:status").arg(QLocale::system().toString(x, 'f', precisionX)).arg(QLocale::system().toString(y, 'f', precisionY)));
data/ktikz-0.12+ds1/app/mainwindow.cpp:1100:146: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  m_mouseCoordinatesLabel->setText(tr("Preview: x = %1\ty = %2", "@info:status").arg(QLocale::system().toString(x, 'f', precisionX)).arg(QLocale::system().toString(y, 'f', precisionY)));
data/ktikz-0.12+ds1/common/utils/globallocale.cpp:25:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return QLocale::system().decimalPoint();
data/ktikz-0.12+ds1/common/utils/globallocale.cpp:30:18: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return QLocale::system().toString(num, 'f', precision);
data/ktikz-0.12+ds1/app/mainwindow.cpp:333:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void MainWindow::open()
data/ktikz-0.12+ds1/app/mainwindow.cpp:516:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_openAction = StandardAction::open(this, SLOT(open()), this);
data/ktikz-0.12+ds1/app/mainwindow.cpp:516:49: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  m_openAction = StandardAction::open(this, SLOT(open()), this);
data/ktikz-0.12+ds1/app/mainwindow.cpp:937:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::Text))
data/ktikz-0.12+ds1/app/mainwindow.cpp:992:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::Text))
data/ktikz-0.12+ds1/app/mainwindow.h:120:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/ktikz-0.12+ds1/app/tikzcommandinserter.cpp:192:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tagsFile.open(QFile::ReadOnly))
data/ktikz-0.12+ds1/app/tikzcommandinserter.cpp:279:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!commandsFile.open(QIODevice::ReadOnly | QIODevice::Text))
data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp:245:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!latexLogFile.open(QFile::ReadOnly | QIODevice::Text))
data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp:284:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (tikzAuxFile.open(QFile::ReadOnly | QIODevice::Text))
data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp:453:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tikzTexFile.open())
data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp:466:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  && templateFile.open(QIODevice::ReadOnly | QIODevice::Text) // if user-specified template file is readable
data/ktikz-0.12+ds1/common/tikzpreviewgenerator.cpp:505:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tikzFile.open(QFile::WriteOnly))
data/ktikz-0.12+ds1/common/utils/file.cpp:106:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool File::open(const QFile::OpenMode &mode)
data/ktikz-0.12+ds1/common/utils/file.cpp:112:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return m_file->open( QFile::ReadWrite ); // XXX cannot use qobject_cast because QSaveFile doesn't have the Q_OBJECT macro
data/ktikz-0.12+ds1/common/utils/file.cpp:118:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return m_file->open(QFile::ReadOnly | mode);
data/ktikz-0.12+ds1/common/utils/file.cpp:243:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool File::open(const QFile::OpenMode &mode)
data/ktikz-0.12+ds1/common/utils/file.cpp:246:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return m_file->open(QFile::WriteOnly | mode);
data/ktikz-0.12+ds1/common/utils/file.cpp:248:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return m_file->open(QFile::ReadOnly | mode);
data/ktikz-0.12+ds1/common/utils/file.h:104:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(const QFile::OpenMode &mode = 0);
data/ktikz-0.12+ds1/common/utils/standardaction.cpp:60:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Action *open(const QObject *recvr, const char *slot, QObject *parent)
data/ktikz-0.12+ds1/common/utils/standardaction.cpp:62:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return copyAction(KStandardAction::open(recvr, slot, parent), recvr, slot);
data/ktikz-0.12+ds1/common/utils/standardaction.cpp:301:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Action *open(const QObject *recvr, const char *slot, QObject *parent)
data/ktikz-0.12+ds1/common/utils/standardaction.h:29:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Action *open(const QObject *recvr, const char *slot, QObject *parent);
data/ktikz-0.12+ds1/part/part.cpp:165:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly | QFile::Text))

ANALYSIS SUMMARY:

Hits = 30
Lines analyzed = 14773 in approximately 0.93 seconds (15901 lines/second)
Physical Source Lines of Code (SLOC) = 10025
Hits@level = [0] 6 [1] 0 [2] 25 [3] 0 [4] 5 [5] 0
Hits@level+ = [0+] 36 [1+] 30 [2+] 30 [3+] 5 [4+] 5 [5+] 0
Hits/KSLOC@level+ = [0+] 3.59102 [1+] 2.99252 [2+] 2.99252 [3+] 0.498753 [4+] 0.498753 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.