Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/plasma-vault-5.19.5/kded/ui/directorychooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/dialogdsl.h
Examining data/plasma-vault-5.19.5/kded/ui/dialogdsl.cpp
Examining data/plasma-vault-5.19.5/kded/ui/backendchooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/cryfscypherchooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/namechooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/mountdialog.h
Examining data/plasma-vault-5.19.5/kded/ui/offlineonlywidget.h
Examining data/plasma-vault-5.19.5/kded/ui/directorypairchooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/passwordchooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/mountdialog.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultimportingwizard.cpp
Examining data/plasma-vault-5.19.5/kded/ui/directorypairchooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultconfigurationdialog.h
Examining data/plasma-vault-5.19.5/kded/ui/noticewidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultconfigurationdialog.cpp
Examining data/plasma-vault-5.19.5/kded/ui/namechooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultdeletionwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/directorychooserwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/vaultdeletionwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/cryfscypherchooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultcreationwizard.h
Examining data/plasma-vault-5.19.5/kded/ui/vaultcreationwizard.cpp
Examining data/plasma-vault-5.19.5/kded/ui/activitieslinkingwidget.h
Examining data/plasma-vault-5.19.5/kded/ui/noticewidget.h
Examining data/plasma-vault-5.19.5/kded/ui/backendchooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/passwordchooserwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultimportingwizard.h
Examining data/plasma-vault-5.19.5/kded/ui/offlineonlywidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/activitieslinkingwidget.cpp
Examining data/plasma-vault-5.19.5/kded/ui/vaultwizardbase.h
Examining data/plasma-vault-5.19.5/kded/engine/vault.cpp
Examining data/plasma-vault-5.19.5/kded/engine/types.cpp
Examining data/plasma-vault-5.19.5/kded/engine/backend_p.h
Examining data/plasma-vault-5.19.5/kded/engine/commandresult.cpp
Examining data/plasma-vault-5.19.5/kded/engine/backend_p.cpp
Examining data/plasma-vault-5.19.5/kded/engine/commandresult.h
Examining data/plasma-vault-5.19.5/kded/engine/backends/gocryptfs/gocryptfsbackend.cpp
Examining data/plasma-vault-5.19.5/kded/engine/backends/gocryptfs/gocryptfsbackend.h
Examining data/plasma-vault-5.19.5/kded/engine/backends/encfs/encfsbackend.cpp
Examining data/plasma-vault-5.19.5/kded/engine/backends/encfs/encfsbackend.h
Examining data/plasma-vault-5.19.5/kded/engine/backends/cryfs/cryfsbackend.cpp
Examining data/plasma-vault-5.19.5/kded/engine/backends/cryfs/cryfsbackend.h
Examining data/plasma-vault-5.19.5/kded/engine/singleton_p.h
Examining data/plasma-vault-5.19.5/kded/engine/fusebackend_p.h
Examining data/plasma-vault-5.19.5/kded/engine/fusebackend_p.cpp
Examining data/plasma-vault-5.19.5/kded/engine/types.h
Examining data/plasma-vault-5.19.5/kded/engine/vault.h
Examining data/plasma-vault-5.19.5/kded/service.h
Examining data/plasma-vault-5.19.5/kded/service.cpp
Examining data/plasma-vault-5.19.5/plasma/vaultsmodel_p.h
Examining data/plasma-vault-5.19.5/plasma/vaultsmodel.h
Examining data/plasma-vault-5.19.5/plasma/vaultapplet.cpp
Examining data/plasma-vault-5.19.5/plasma/vaultsmodel.cpp
Examining data/plasma-vault-5.19.5/plasma/vaultapplet.h
Examining data/plasma-vault-5.19.5/common/vaultinfo.cpp
Examining data/plasma-vault-5.19.5/common/vaultinfo.h
Examining data/plasma-vault-5.19.5/asynqt/private/utils_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/cast_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/transform_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/flatten_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/collect_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/filter_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/operations/listen_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/wrappers/process_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/wrappers/kjob_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/wrappers/dbus_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/cxxutils_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/basic/delayedfuture_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/basic/canceledfuture_p.h
Examining data/plasma-vault-5.19.5/asynqt/private/basic/readyfuture_p.h
Examining data/plasma-vault-5.19.5/asynqt/operations/transform.h
Examining data/plasma-vault-5.19.5/asynqt/operations/listen.h
Examining data/plasma-vault-5.19.5/asynqt/operations/flatten.h
Examining data/plasma-vault-5.19.5/asynqt/operations/continuewith.h
Examining data/plasma-vault-5.19.5/asynqt/operations/collect.h
Examining data/plasma-vault-5.19.5/asynqt/operations/filter.h
Examining data/plasma-vault-5.19.5/asynqt/operations/cast.h
Examining data/plasma-vault-5.19.5/asynqt/wrappers/process.h
Examining data/plasma-vault-5.19.5/asynqt/wrappers/dbus.h
Examining data/plasma-vault-5.19.5/asynqt/wrappers/kjob.h
Examining data/plasma-vault-5.19.5/asynqt/utils/either.h
Examining data/plasma-vault-5.19.5/asynqt/utils/expected.h
Examining data/plasma-vault-5.19.5/asynqt/basic/delayedfuture.h
Examining data/plasma-vault-5.19.5/asynqt/basic/all.h
Examining data/plasma-vault-5.19.5/asynqt/basic/readyfuture.h
Examining data/plasma-vault-5.19.5/asynqt/basic/canceledfuture.h
Examining data/plasma-vault-5.19.5/asynqt/basic/await.h
Examining data/plasma-vault-5.19.5/fileitemplugin/plasmavaultfileitemaction.cpp
Examining data/plasma-vault-5.19.5/fileitemplugin/plasmavaultfileitemaction.h
FINAL RESULTS:
data/plasma-vault-5.19.5/kded/engine/backend_p.h:56:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual FutureResult<> open(const Device &device,
data/plasma-vault-5.19.5/kded/engine/fusebackend_p.cpp:159:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FutureResult<> FuseBackend::open(const Device &device,
data/plasma-vault-5.19.5/kded/engine/fusebackend_p.h:45:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FutureResult<> open(const Device &device,
data/plasma-vault-5.19.5/kded/engine/vault.cpp:70:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
deviceDirectoryLock = fopen(device.data().toLocal8Bit().data(), "r");
data/plasma-vault-5.19.5/kded/engine/vault.cpp:426:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dotDir.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/plasma-vault-5.19.5/kded/engine/vault.cpp:460:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (dotDir.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/plasma-vault-5.19.5/kded/engine/vault.cpp:470:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FutureResult<> Vault::open(const Payload &payload)
data/plasma-vault-5.19.5/kded/engine/vault.cpp:480:43: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->data->backend->open(d->device, d->data->mountPoint, payload));
data/plasma-vault-5.19.5/kded/engine/vault.h:81:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FutureResult<> open(const Payload &payload);
data/plasma-vault-5.19.5/kded/service.cpp:334:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dialog->open();
data/plasma-vault-5.19.5/kded/ui/mountdialog.cpp:86:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto future = m_vault->open({ { KEY_PASSWORD, pwd } });
data/plasma-vault-5.19.5/plasma/vaultsmodel.cpp:328:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void VaultsModel::open(const QString &device)
data/plasma-vault-5.19.5/plasma/vaultsmodel.cpp:354:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(device);
data/plasma-vault-5.19.5/plasma/vaultsmodel.h:69:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const QString &device);
ANALYSIS SUMMARY:
Hits = 14
Lines analyzed = 10329 in approximately 0.23 seconds (44613 lines/second)
Physical Source Lines of Code (SLOC) = 5699
Hits@level = [0] 0 [1] 0 [2] 14 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 14 [1+] 14 [2+] 14 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 2.45657 [1+] 2.45657 [2+] 2.45657 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.