Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libqtxdg-3.4.0/examples/use-qtxdg/main.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/desktopenvironment_p.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/qtxdglogging.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/qtxdglogging.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgaction.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgaction.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgautostart.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgautostart.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile_p.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgdirs.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgdirs.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgicon.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgicon.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmacros.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenu_p.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenuapplinkprocessor.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenuapplinkprocessor.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenulayoutprocessor.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenulayoutprocessor.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenureader.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenureader.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenurules.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenurules.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenuwidget.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmenuwidget.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeapps.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeapps.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeapps_p.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeappsbackendinterface.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeappsbackendinterface.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeappsglibbackend.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimeappsglibbackend.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimetype.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xdgmimetype.h
Examining data/libqtxdg-3.4.0/src/qtxdg/xmlhelper.cpp
Examining data/libqtxdg-3.4.0/src/qtxdg/xmlhelper.h
Examining data/libqtxdg-3.4.0/src/tools/mat/defappmatcommand.cpp
Examining data/libqtxdg-3.4.0/src/tools/mat/defappmatcommand.h
Examining data/libqtxdg-3.4.0/src/tools/mat/matcommandinterface.cpp
Examining data/libqtxdg-3.4.0/src/tools/mat/matcommandinterface.h
Examining data/libqtxdg-3.4.0/src/tools/mat/matcommandmanager.cpp
Examining data/libqtxdg-3.4.0/src/tools/mat/matcommandmanager.h
Examining data/libqtxdg-3.4.0/src/tools/mat/matglobals.h
Examining data/libqtxdg-3.4.0/src/tools/mat/mimetypematcommand.cpp
Examining data/libqtxdg-3.4.0/src/tools/mat/mimetypematcommand.h
Examining data/libqtxdg-3.4.0/src/tools/mat/openmatcommand.cpp
Examining data/libqtxdg-3.4.0/src/tools/mat/openmatcommand.h
Examining data/libqtxdg-3.4.0/src/tools/mat/qtxdg-mat.cpp
Examining data/libqtxdg-3.4.0/src/xdgiconloader/plugin/xdgiconengineplugin.cpp
Examining data/libqtxdg-3.4.0/src/xdgiconloader/plugin/xdgiconengineplugin.h
Examining data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader.cpp
Examining data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader_p.h
Examining data/libqtxdg-3.4.0/test/qtxdg_test.cpp
Examining data/libqtxdg-3.4.0/test/qtxdg_test.h
Examining data/libqtxdg-3.4.0/test/tst_xdgdesktopfile.cpp
Examining data/libqtxdg-3.4.0/test/tst_xdgdesktopfile.h
Examining data/libqtxdg-3.4.0/test/tst_xdgdirs.cpp
Examining data/libqtxdg-3.4.0/util/qtxdg-desktop-file-start.cpp
Examining data/libqtxdg-3.4.0/util/qtxdg-iconfinder.cpp
FINAL RESULTS:
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:367:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:713:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::WriteOnly | QIODevice::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgdirs.cpp:146:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!configFile.open(QIODevice::ReadOnly | QIODevice::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgdirs.cpp:194:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!configFile.open(QIODevice::ReadWrite | QIODevice::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.cpp:205:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QFile::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.cpp:225:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly | QFile::Text))
data/libqtxdg-3.4.0/src/qtxdg/xdgmenureader.cpp:77:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::ReadOnly | QFile::Text))
data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader.cpp:182:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_file.open(QFile::ReadOnly))
data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader.cpp:846:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (device.open(QIODevice::ReadOnly))
data/libqtxdg-3.4.0/test/tst_xdgdesktopfile.cpp:48:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/libqtxdg-3.4.0/test/tst_xdgdesktopfile.cpp:91:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY(file.open());
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:100:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const QString &prefix);
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:335:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const QString &prefix);
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:363:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool XdgDesktopFileData::read(const QString &prefix)
data/libqtxdg-3.4.0/src/qtxdg/xdgdesktopfile.cpp:679:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
d->read(prefix());
data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.cpp:142:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool XdgMenu::read(const QString& menuFileName)
data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.cpp:712:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
q->read(mMenuFileName);
data/libqtxdg-3.4.0/src/qtxdg/xdgmenu.h:73:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const QString& menuFileName);
data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader.cpp:595:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool XdgIconLoaderEngine::read(QDataStream &in) {
data/libqtxdg-3.4.0/src/xdgiconloader/xdgiconloader_p.h:80:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(QDataStream &in) Q_DECL_OVERRIDE;
ANALYSIS SUMMARY:
Hits = 20
Lines analyzed = 10482 in approximately 0.30 seconds (34381 lines/second)
Physical Source Lines of Code (SLOC) = 6073
Hits@level = [0] 0 [1] 9 [2] 11 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 20 [1+] 20 [2+] 11 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 3.29327 [1+] 3.29327 [2+] 1.8113 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.