Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/kwordquiz-20.08.0/src/kwqquizview.cpp
Examining data/kwordquiz-20.08.0/src/kwqpixmapitem.cpp
Examining data/kwordquiz-20.08.0/src/kwqcleardialog.cpp
Examining data/kwordquiz-20.08.0/src/dlgspecchar.h
Examining data/kwordquiz-20.08.0/src/multipleview.h
Examining data/kwordquiz-20.08.0/src/prefcharacter.cpp
Examining data/kwordquiz-20.08.0/src/kwqscorewidget.cpp
Examining data/kwordquiz-20.08.0/src/prefcharacter.h
Examining data/kwordquiz-20.08.0/src/qaview.cpp
Examining data/kwordquiz-20.08.0/src/kwqscorewidget.h
Examining data/kwordquiz-20.08.0/src/kwqtablemodel.h
Examining data/kwordquiz-20.08.0/src/kwordquizprefs.cpp
Examining data/kwordquiz-20.08.0/src/dlglanguage.h
Examining data/kwordquiz-20.08.0/src/flashview.cpp
Examining data/kwordquiz-20.08.0/src/prefquiz.cpp
Examining data/kwordquiz-20.08.0/src/prefgeneral.h
Examining data/kwordquiz-20.08.0/src/kwqsortfiltermodel.cpp
Examining data/kwordquiz-20.08.0/src/kwordquiz.h
Examining data/kwordquiz-20.08.0/src/kwqtutorflashcard.h
Examining data/kwordquiz-20.08.0/src/kwqcardscene.h
Examining data/kwordquiz-20.08.0/src/kwqcardview.cpp
Examining data/kwordquiz-20.08.0/src/kwqcardview.h
Examining data/kwordquiz-20.08.0/src/prefcardappearance.h
Examining data/kwordquiz-20.08.0/src/kwordquiz.cpp
Examining data/kwordquiz-20.08.0/src/kwqtableview.cpp
Examining data/kwordquiz-20.08.0/src/preftutor.cpp
Examining data/kwordquiz-20.08.0/src/kwqquizmodel.h
Examining data/kwordquiz-20.08.0/src/kwqcleardialog.h
Examining data/kwordquiz-20.08.0/src/prefquiz.h
Examining data/kwordquiz-20.08.0/src/kwqtabledelegate.cpp
Examining data/kwordquiz-20.08.0/src/prefgeneral.cpp
Examining data/kwordquiz-20.08.0/src/kwqquizmodel.cpp
Examining data/kwordquiz-20.08.0/src/prefeditor.h
Examining data/kwordquiz-20.08.0/src/kwqcardscene.cpp
Examining data/kwordquiz-20.08.0/src/kwqcommands.cpp
Examining data/kwordquiz-20.08.0/src/kwqtutor.cpp
Examining data/kwordquiz-20.08.0/src/kwqpixmapitem.h
Examining data/kwordquiz-20.08.0/src/main.cpp
Examining data/kwordquiz-20.08.0/src/dlgspecchar.cpp
Examining data/kwordquiz-20.08.0/src/filterproxysearchline.cpp
Examining data/kwordquiz-20.08.0/src/kwqtabledelegate.h
Examining data/kwordquiz-20.08.0/src/wqprintdialogpage.h
Examining data/kwordquiz-20.08.0/src/multipleview.cpp
Examining data/kwordquiz-20.08.0/src/filterproxysearchline.h
Examining data/kwordquiz-20.08.0/src/kwqtutorflashcard.cpp
Examining data/kwordquiz-20.08.0/src/kwqquizview.h
Examining data/kwordquiz-20.08.0/src/dlglanguage.cpp
Examining data/kwordquiz-20.08.0/src/kwqtableview.h
Examining data/kwordquiz-20.08.0/src/prefeditor.cpp
Examining data/kwordquiz-20.08.0/src/kwqtutor.h
Examining data/kwordquiz-20.08.0/src/kwqsortfiltermodel.h
Examining data/kwordquiz-20.08.0/src/wqprintdialogpage.cpp
Examining data/kwordquiz-20.08.0/src/flashview.h
Examining data/kwordquiz-20.08.0/src/preftutor.h
Examining data/kwordquiz-20.08.0/src/kwqtutorprefs.h
Examining data/kwordquiz-20.08.0/src/kwordquizprefs.h
Examining data/kwordquiz-20.08.0/src/kwqtablemodel.cpp
Examining data/kwordquiz-20.08.0/src/kwqtutorprefs.cpp
Examining data/kwordquiz-20.08.0/src/qaview.h
Examining data/kwordquiz-20.08.0/src/prefcardappearance.cpp
Examining data/kwordquiz-20.08.0/src/kwqcommands.h
FINAL RESULTS:
data/kwordquiz-20.08.0/src/kwordquiz.cpp:120:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileOpen = KStandardAction::open(this, SLOT(slotFileOpen()), actionCollection());
data/kwordquiz-20.08.0/src/kwordquiz.cpp:619:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int result = m_doc->open(url);
data/kwordquiz-20.08.0/src/kwordquiz.cpp:696:20: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
QTemporaryFile tmpfile(filename);
data/kwordquiz-20.08.0/src/kwordquiz.cpp:697:9: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
if (tmpfile.open()) {
data/kwordquiz-20.08.0/src/kwordquiz.cpp:697:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (tmpfile.open()) {
data/kwordquiz-20.08.0/src/kwordquiz.cpp:698:39: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
QUrl _url(QUrl::fromLocalFile(tmpfile.fileName()));
data/kwordquiz-20.08.0/src/kwordquiz.cpp:699:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_doc->open(_url);
data/kwordquiz-20.08.0/src/kwordquiz.cpp:709:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_doc->open(url);
data/kwordquiz-20.08.0/src/kwordquiz.cpp:793:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
new_doc->open(*it);
data/kwordquiz-20.08.0/src/kwqtableview.cpp:112:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (data.open(QFile::WriteOnly)) {
data/kwordquiz-20.08.0/src/kwqtutor.cpp:66:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
a = KStandardAction::open(this, SLOT(loadFile()), this);
data/kwordquiz-20.08.0/src/kwqtutor.cpp:92:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_tutorDoc->open(QUrl(Prefs::lastVocabFile()));
data/kwordquiz-20.08.0/src/kwqtutor.cpp:94:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_tutorDoc->open(fileToOpen);
data/kwordquiz-20.08.0/src/kwqtutor.cpp:147:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_tutorDoc->open(fd->selectedUrls().at(0));
data/kwordquiz-20.08.0/src/kwqtablemodel.cpp:102:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
documentSettings.read();
data/kwordquiz-20.08.0/src/kwqtablemodel.cpp:108:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
documentSettings.read();
ANALYSIS SUMMARY:
Hits = 16
Lines analyzed = 8470 in approximately 1.13 seconds (7498 lines/second)
Physical Source Lines of Code (SLOC) = 5814
Hits@level = [0] 0 [1] 2 [2] 14 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 16 [1+] 16 [2+] 14 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.75198 [1+] 2.75198 [2+] 2.40798 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.