Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/minuet-20.08.0/src/app/exercisecontroller.cpp
Examining data/minuet-20.08.0/src/app/core.h
Examining data/minuet-20.08.0/src/app/plugincontroller.h
Examining data/minuet-20.08.0/src/app/uicontroller.h
Examining data/minuet-20.08.0/src/app/plugincontroller.cpp
Examining data/minuet-20.08.0/src/app/exercisecontroller.h
Examining data/minuet-20.08.0/src/app/main.cpp
Examining data/minuet-20.08.0/src/app/uicontroller.cpp
Examining data/minuet-20.08.0/src/app/core.cpp
Examining data/minuet-20.08.0/src/utils/xdgdatadirs.cpp
Examining data/minuet-20.08.0/src/utils/xdgdatadirs.h
Examining data/minuet-20.08.0/src/interfaces/iplugin.cpp
Examining data/minuet-20.08.0/src/interfaces/iplugincontroller.cpp
Examining data/minuet-20.08.0/src/interfaces/iuicontroller.cpp
Examining data/minuet-20.08.0/src/interfaces/iexercisecontroller.h
Examining data/minuet-20.08.0/src/interfaces/iplugincontroller.h
Examining data/minuet-20.08.0/src/interfaces/isoundcontroller.cpp
Examining data/minuet-20.08.0/src/interfaces/isoundcontroller.h
Examining data/minuet-20.08.0/src/interfaces/icore.cpp
Examining data/minuet-20.08.0/src/interfaces/iexercisecontroller.cpp
Examining data/minuet-20.08.0/src/interfaces/iuicontroller.h
Examining data/minuet-20.08.0/src/interfaces/icore.h
Examining data/minuet-20.08.0/src/interfaces/iplugin.h
Examining data/minuet-20.08.0/src/plugins/fluidsynthsoundcontroller/fluidsynthsoundcontroller.h
Examining data/minuet-20.08.0/src/plugins/fluidsynthsoundcontroller/fluidsynthsoundcontroller.cpp
Examining data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csengine.h
Examining data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csoundsoundcontroller.h
Examining data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csengine.cpp
Examining data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csoundsoundcontroller.cpp
FINAL RESULTS:
data/minuet-20.08.0/src/app/exercisecontroller.cpp:148:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!jsonFile.open(QIODevice::ReadOnly)) {
data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csengine.cpp:40:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QIODevice::ReadOnly);
data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csoundsoundcontroller.cpp:70:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sfile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/minuet-20.08.0/src/plugins/csoundsoundcontroller/csoundsoundcontroller.cpp:109:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_csdFileOpen.open(QIODevice::ReadWrite | QIODevice::Text);
ANALYSIS SUMMARY:
Hits = 4
Lines analyzed = 2355 in approximately 0.09 seconds (26417 lines/second)
Physical Source Lines of Code (SLOC) = 1408
Hits@level = [0] 0 [1] 0 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 4 [1+] 4 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.84091 [1+] 2.84091 [2+] 2.84091 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.