Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libkf5gravatar-20.08.2/autotests/gravatardownloadpixmapdialogtest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatarcachetest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarcachetest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatarresolvurljobtest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfigwidgettest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfigwidgettest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfiguresettingswidgettest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatardownloadpixmapwidgettest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatardownloadpixmapwidgettest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarresolvurljobtest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfiguresettingsdialogtest.h
Examining data/libkf5gravatar-20.08.2/autotests/gravatardownloadpixmapdialogtest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfiguresettingsdialogtest.cpp
Examining data/libkf5gravatar-20.08.2/autotests/gravatarconfiguresettingswidgettest.cpp
Examining data/libkf5gravatar-20.08.2/tests/gravatarwidget_gui.cpp
Examining data/libkf5gravatar-20.08.2/src/misc/gravatarcache.cpp
Examining data/libkf5gravatar-20.08.2/src/misc/gravatarcache.h
Examining data/libkf5gravatar-20.08.2/src/misc/hash.h
Examining data/libkf5gravatar-20.08.2/src/misc/hash.cpp
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfiguresettingsdialog.h
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfiguresettingswidget.h
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfiguresettingsdialog.cpp
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatardownloadpixmapwidget.cpp
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfiguresettingswidget.cpp
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfigwidget.h
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatardownloadpixmapdialog.cpp
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatardownloadpixmapdialog.h
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatardownloadpixmapwidget.h
Examining data/libkf5gravatar-20.08.2/src/widgets/gravatarconfigwidget.cpp
Examining data/libkf5gravatar-20.08.2/src/job/gravatarresolvurljob.cpp
Examining data/libkf5gravatar-20.08.2/src/job/gravatarresolvurljob.h
Examining data/libkf5gravatar-20.08.2/src/gravatar_private_export.h
FINAL RESULTS:
data/libkf5gravatar-20.08.2/src/misc/gravatarcache.cpp:55:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly)) {
data/libkf5gravatar-20.08.2/src/misc/gravatarcache.cpp:73:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/libkf5gravatar-20.08.2/src/misc/gravatarcache.cpp:81:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f.read(reinterpret_cast<char *>(vec.data()), f.size());
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 2520 in approximately 0.08 seconds (30459 lines/second)
Physical Source Lines of Code (SLOC) = 1574
Hits@level = [0] 0 [1] 1 [2] 2 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 3 [1+] 3 [2+] 2 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.90597 [1+] 1.90597 [2+] 1.27065 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.