Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/minizinc-ide-2.5.2/MiniZincIDE/checkupdatedialog.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/checkupdatedialog.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/codechecker.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/codechecker.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/codeeditor.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/codeeditor.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/elapsedtimer.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/elapsedtimer.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/esclineedit.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/esclineedit.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/exception.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/extraparamdialog.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/extraparamdialog.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/fzndoc.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/fzndoc.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/gotolinedialog.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/gotolinedialog.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/highlighter.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/highlighter.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlwindow.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlwindow.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/ide.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/macos_extras.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/main.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/outputdockwidget.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/outputdockwidget.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/paramdialog.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/paramdialog.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/process.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/project.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/projectbrowser.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/projectbrowser.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.h Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.h Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpp-integration/connector.hpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpp-integration/message.hpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/histogram_scene.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/merge_window.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/merging/pentagon_rect.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/path_comp.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/pattern_rect.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/pentagon_counter.hpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/similar_subtree_analysis.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/similar_subtree_window.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/tree_merger.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/command_line_parser.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/core.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_list.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_window.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/name_map.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/nogood_dialog.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/icicle_canvas.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pixel_image.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pixel_widget.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pt_canvas.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/receiver_thread.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/receiver_worker.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/solver_data.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/stats_bar.hpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tcp_server.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tests/execution_test.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tests/tree_test.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/drawing_cursor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/hide_failed_cursor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/hide_not_highlighted_cursor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/layout_cursor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/node_cursor.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/nodevisitor.hpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/layout.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/layout_computer.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_drawing.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_id.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_info.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_tree.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/shape.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/structure.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/traditional_view.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/tree_scroll_area.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/visual_flags.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree_builder.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/user_data.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/array.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/maybe_caller.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/path_utils.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/perf_helper.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/std_ext.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/string_utils.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/tree_utils.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/utils.cpp Examining data/minizinc-ide-2.5.2/cp-profiler/src/main_cpprofiler.cpp FINAL RESULTS: data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.cpp:226:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f.open(QFile::WriteOnly | QFile::Truncate); data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.cpp:61:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!qwebchanneljs.open(QIODevice::ReadOnly | QIODevice::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:181:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:326:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (newFile.open(QFile::ReadOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:347:34: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:493:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:524:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:384:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:919:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (modelFile.open(QIODevice::ReadWrite)) { data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:1210:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (dataFile.open(QIODevice::ReadWrite)) { data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:1303:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::WriteOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:2337:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). sheet.open(QFile::ReadOnly); data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp:23:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp:248:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::ReadOnly | QFile::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:182:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (uc.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:215:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (uc.open(QFile::ReadWrite | QIODevice::Truncate)) { data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:270:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!temp->open()) { data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:315:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!temp->open()) { data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp:84:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!f.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp:236:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.cpp:105:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) { data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:392:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (uc.open(QFile::ReadOnly)) { data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:438:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (uc.open(QFile::ReadWrite | QIODevice::Truncate)) { data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:536:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!jdocFile.open(QIODevice::ReadWrite)) { data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp:415:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QFile::WriteOnly | QFile::Truncate)) data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp:500:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file.open(QIODevice::ReadWrite | QIODevice::Text); data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp:382:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) { data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp:418:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!db.open()) data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_window.cpp:452:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(QFile::WriteOnly | QFile::Truncate)) data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/tree_merger.cpp:187:13: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (equal) ANALYSIS SUMMARY: Hits = 30 Lines analyzed = 22901 in approximately 0.48 seconds (47870 lines/second) Physical Source Lines of Code (SLOC) = 17850 Hits@level = [0] 1 [1] 1 [2] 29 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 31 [1+] 30 [2+] 29 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.73669 [1+] 1.68067 [2+] 1.62465 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.