Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minizinc-ide-2.5.2/MiniZincIDE/checkupdatedialog.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/checkupdatedialog.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/codechecker.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/codechecker.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/codeeditor.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/codeeditor.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/elapsedtimer.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/elapsedtimer.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/esclineedit.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/esclineedit.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/exception.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/extraparamdialog.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/extraparamdialog.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/fzndoc.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/fzndoc.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/gotolinedialog.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/gotolinedialog.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/highlighter.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/highlighter.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlwindow.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/htmlwindow.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/ide.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/macos_extras.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/main.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/outputdockwidget.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/outputdockwidget.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/paramdialog.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/paramdialog.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/process.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/project.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/projectbrowser.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/projectbrowser.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.h
Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp
Examining data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.h
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpp-integration/connector.hpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpp-integration/message.hpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/histogram_scene.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/merge_window.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/merging/pentagon_rect.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/path_comp.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/pattern_rect.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/pentagon_counter.hpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/similar_subtree_analysis.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/similar_subtree_window.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/tree_merger.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/command_line_parser.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/core.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_list.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_window.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/name_map.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/nogood_dialog.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/icicle_canvas.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pixel_image.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pixel_widget.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/pixel_views/pt_canvas.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/receiver_thread.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/receiver_worker.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/solver_data.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/stats_bar.hpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tcp_server.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tests/execution_test.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tests/tree_test.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/drawing_cursor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/hide_failed_cursor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/hide_not_highlighted_cursor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/layout_cursor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/node_cursor.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/cursors/nodevisitor.hpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/layout.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/layout_computer.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_drawing.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_id.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_info.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/node_tree.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/shape.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/structure.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/traditional_view.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/tree_scroll_area.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree/visual_flags.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/tree_builder.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/user_data.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/array.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/maybe_caller.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/path_utils.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/perf_helper.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/std_ext.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/string_utils.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/tree_utils.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/utils/utils.cpp
Examining data/minizinc-ide-2.5.2/cp-profiler/src/main_cpprofiler.cpp
FINAL RESULTS:
data/minizinc-ide-2.5.2/MiniZincIDE/configwindow.cpp:226:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f.open(QFile::WriteOnly | QFile::Truncate);
data/minizinc-ide-2.5.2/MiniZincIDE/htmlpage.cpp:61:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!qwebchanneljs.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:181:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:326:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (newFile.open(QFile::ReadOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:347:34: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:493:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/ide.cpp:524:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:384:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:919:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (modelFile.open(QIODevice::ReadWrite)) {
data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:1210:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dataFile.open(QIODevice::ReadWrite)) {
data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:1303:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::WriteOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/mainwindow.cpp:2337:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sheet.open(QFile::ReadOnly);
data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp:23:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/moocsubmission.cpp:248:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:182:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (uc.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:215:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (uc.open(QFile::ReadWrite | QIODevice::Truncate)) {
data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:270:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!temp->open()) {
data/minizinc-ide-2.5.2/MiniZincIDE/process.cpp:315:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!temp->open()) {
data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp:84:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/project.cpp:236:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/solverconfiguration.cpp:105:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:392:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (uc.open(QFile::ReadOnly)) {
data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:438:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (uc.open(QFile::ReadWrite | QIODevice::Truncate)) {
data/minizinc-ide-2.5.2/MiniZincIDE/solverdialog.cpp:536:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!jdocFile.open(QIODevice::ReadWrite)) {
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp:415:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/conductor.cpp:500:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadWrite | QIODevice::Text);
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp:382:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/db_handler.cpp:418:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open())
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/execution_window.cpp:452:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::WriteOnly | QFile::Truncate))
data/minizinc-ide-2.5.2/cp-profiler/src/cpprofiler/analysis/tree_merger.cpp:187:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (equal)
ANALYSIS SUMMARY:
Hits = 30
Lines analyzed = 22901 in approximately 0.48 seconds (47870 lines/second)
Physical Source Lines of Code (SLOC) = 17850
Hits@level = [0] 1 [1] 1 [2] 29 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 31 [1+] 30 [2+] 29 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.73669 [1+] 1.68067 [2+] 1.62465 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.