Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pushpin-1.31.0/tools/echo/echo.cpp
Examining data/pushpin-1.31.0/tools/publish/main.cpp
Examining data/pushpin-1.31.0/src/handler/filter.h
Examining data/pushpin-1.31.0/src/handler/main.cpp
Examining data/pushpin-1.31.0/src/handler/cidset.h
Examining data/pushpin-1.31.0/src/handler/httpsession.h
Examining data/pushpin-1.31.0/src/handler/engine.h
Examining data/pushpin-1.31.0/src/handler/publishlastids.cpp
Examining data/pushpin-1.31.0/src/handler/jsonpatch.cpp
Examining data/pushpin-1.31.0/src/handler/httpsession.cpp
Examining data/pushpin-1.31.0/src/handler/lastids.h
Examining data/pushpin-1.31.0/src/handler/instruct.cpp
Examining data/pushpin-1.31.0/src/handler/wscontrolmessage.h
Examining data/pushpin-1.31.0/src/handler/conncheckworker.cpp
Examining data/pushpin-1.31.0/src/handler/publishitem.cpp
Examining data/pushpin-1.31.0/src/handler/controlrequest.cpp
Examining data/pushpin-1.31.0/src/handler/httpsessionupdatemanager.cpp
Examining data/pushpin-1.31.0/src/handler/detectrule.h
Examining data/pushpin-1.31.0/src/handler/filter.cpp
Examining data/pushpin-1.31.0/src/handler/app.h
Examining data/pushpin-1.31.0/src/handler/jsonpointer.h
Examining data/pushpin-1.31.0/src/handler/wscontrolmessage.cpp
Examining data/pushpin-1.31.0/src/handler/jsonpointer.cpp
Examining data/pushpin-1.31.0/src/handler/jsonpatch.h
Examining data/pushpin-1.31.0/src/handler/sequencer.h
Examining data/pushpin-1.31.0/src/handler/publishlastids.h
Examining data/pushpin-1.31.0/src/handler/deferred.h
Examining data/pushpin-1.31.0/src/handler/format.cpp
Examining data/pushpin-1.31.0/src/handler/requeststate.h
Examining data/pushpin-1.31.0/src/handler/app.cpp
Examining data/pushpin-1.31.0/src/handler/refreshworker.h
Examining data/pushpin-1.31.0/src/handler/filterstack.h
Examining data/pushpin-1.31.0/src/handler/tests/publishformattest/publishformattest.cpp
Examining data/pushpin-1.31.0/src/handler/tests/publishitemtest/publishitemtest.cpp
Examining data/pushpin-1.31.0/src/handler/tests/instructtest/instructtest.cpp
Examining data/pushpin-1.31.0/src/handler/tests/idformattest/idformattest.cpp
Examining data/pushpin-1.31.0/src/handler/tests/jsonpatchtest/jsonpatchtest.cpp
Examining data/pushpin-1.31.0/src/handler/tests/enginetest/enginetest.cpp
Examining data/pushpin-1.31.0/src/handler/simplehttpserver.h
Examining data/pushpin-1.31.0/src/handler/filterstack.cpp
Examining data/pushpin-1.31.0/src/handler/publishformat.cpp
Examining data/pushpin-1.31.0/src/handler/variantutil.h
Examining data/pushpin-1.31.0/src/handler/ratelimiter.h
Examining data/pushpin-1.31.0/src/handler/conncheckworker.h
Examining data/pushpin-1.31.0/src/handler/wssession.cpp
Examining data/pushpin-1.31.0/src/handler/publishformat.h
Examining data/pushpin-1.31.0/src/handler/sessionrequest.cpp
Examining data/pushpin-1.31.0/src/handler/instruct.h
Examining data/pushpin-1.31.0/src/handler/variantutil.cpp
Examining data/pushpin-1.31.0/src/handler/refreshworker.cpp
Examining data/pushpin-1.31.0/src/handler/wssession.h
Examining data/pushpin-1.31.0/src/handler/sessionrequest.h
Examining data/pushpin-1.31.0/src/handler/httpsessionupdatemanager.h
Examining data/pushpin-1.31.0/src/handler/format.h
Examining data/pushpin-1.31.0/src/handler/requeststate.cpp
Examining data/pushpin-1.31.0/src/handler/idformat.cpp
Examining data/pushpin-1.31.0/src/handler/controlrequest.h
Examining data/pushpin-1.31.0/src/handler/simplehttpserver.cpp
Examining data/pushpin-1.31.0/src/handler/sequencer.cpp
Examining data/pushpin-1.31.0/src/handler/deferred.cpp
Examining data/pushpin-1.31.0/src/handler/publishitem.h
Examining data/pushpin-1.31.0/src/handler/engine.cpp
Examining data/pushpin-1.31.0/src/handler/ratelimiter.cpp
Examining data/pushpin-1.31.0/src/handler/idformat.h
Examining data/pushpin-1.31.0/src/m2adapter/main.cpp
Examining data/pushpin-1.31.0/src/m2adapter/m2requestpacket.h
Examining data/pushpin-1.31.0/src/m2adapter/m2requestpacket.cpp
Examining data/pushpin-1.31.0/src/m2adapter/app.h
Examining data/pushpin-1.31.0/src/m2adapter/m2responsepacket.cpp
Examining data/pushpin-1.31.0/src/m2adapter/app.cpp
Examining data/pushpin-1.31.0/src/m2adapter/m2responsepacket.h
Examining data/pushpin-1.31.0/src/proxy/domainmap.h
Examining data/pushpin-1.31.0/src/proxy/main.cpp
Examining data/pushpin-1.31.0/src/proxy/proxyutil.h
Examining data/pushpin-1.31.0/src/proxy/engine.h
Examining data/pushpin-1.31.0/src/proxy/websocketoverhttp.h
Examining data/pushpin-1.31.0/src/proxy/xffrule.h
Examining data/pushpin-1.31.0/src/proxy/acceptrequest.h
Examining data/pushpin-1.31.0/src/proxy/routesfile.cpp
Examining data/pushpin-1.31.0/src/proxy/websocketoverhttp.cpp
Examining data/pushpin-1.31.0/src/proxy/jwt.h
Examining data/pushpin-1.31.0/src/proxy/wscontrolsession.h
Examining data/pushpin-1.31.0/src/proxy/wsproxysession.cpp
Examining data/pushpin-1.31.0/src/proxy/zroutes.h
Examining data/pushpin-1.31.0/src/proxy/sockjssession.h
Examining data/pushpin-1.31.0/src/proxy/app.h
Examining data/pushpin-1.31.0/src/proxy/routesfile.h
Examining data/pushpin-1.31.0/src/proxy/proxysession.h
Examining data/pushpin-1.31.0/src/proxy/zrpcchecker.h
Examining data/pushpin-1.31.0/src/proxy/inspectrequest.cpp
Examining data/pushpin-1.31.0/src/proxy/acceptdata.h
Examining data/pushpin-1.31.0/src/proxy/testwebsocket.cpp
Examining data/pushpin-1.31.0/src/proxy/proxysession.cpp
Examining data/pushpin-1.31.0/src/proxy/testhttprequest.cpp
Examining data/pushpin-1.31.0/src/proxy/sockjsmanager.h
Examining data/pushpin-1.31.0/src/proxy/testhttprequest.h
Examining data/pushpin-1.31.0/src/proxy/zroutes.cpp
Examining data/pushpin-1.31.0/src/proxy/updater.h
Examining data/pushpin-1.31.0/src/proxy/wscontrolmanager.h
Examining data/pushpin-1.31.0/src/proxy/connectionmanager.cpp
Examining data/pushpin-1.31.0/src/proxy/wscontrolsession.cpp
Examining data/pushpin-1.31.0/src/proxy/tests/jwttest/jwttest.cpp
Examining data/pushpin-1.31.0/src/proxy/tests/routesfiletest/routesfiletest.cpp
Examining data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp
Examining data/pushpin-1.31.0/src/proxy/connectionmanager.h
Examining data/pushpin-1.31.0/src/proxy/jwt.cpp
Examining data/pushpin-1.31.0/src/proxy/requestsession.cpp
Examining data/pushpin-1.31.0/src/proxy/proxyutil.cpp
Examining data/pushpin-1.31.0/src/proxy/wscontrolmanager.cpp
Examining data/pushpin-1.31.0/src/proxy/zrpcchecker.cpp
Examining data/pushpin-1.31.0/src/proxy/testwebsocket.h
Examining data/pushpin-1.31.0/src/proxy/sockjssession.cpp
Examining data/pushpin-1.31.0/src/proxy/inspectrequest.h
Examining data/pushpin-1.31.0/src/proxy/updater.cpp
Examining data/pushpin-1.31.0/src/proxy/domainmap.cpp
Examining data/pushpin-1.31.0/src/proxy/requestsession.h
Examining data/pushpin-1.31.0/src/proxy/sockjsmanager.cpp
Examining data/pushpin-1.31.0/src/proxy/engine.cpp
Examining data/pushpin-1.31.0/src/proxy/acceptrequest.cpp
Examining data/pushpin-1.31.0/src/proxy/wsproxysession.h
Examining data/pushpin-1.31.0/src/proxy/app.cpp
Examining data/pushpin-1.31.0/src/runner/condureservice.cpp
Examining data/pushpin-1.31.0/src/runner/main.cpp
Examining data/pushpin-1.31.0/src/runner/pushpinhandlerservice.cpp
Examining data/pushpin-1.31.0/src/runner/listenport.h
Examining data/pushpin-1.31.0/src/runner/app.h
Examining data/pushpin-1.31.0/src/runner/zurlservice.cpp
Examining data/pushpin-1.31.0/src/runner/template.cpp
Examining data/pushpin-1.31.0/src/runner/pushpinhandlerservice.h
Examining data/pushpin-1.31.0/src/runner/pushpinproxyservice.h
Examining data/pushpin-1.31.0/src/runner/app.cpp
Examining data/pushpin-1.31.0/src/runner/m2adapterservice.h
Examining data/pushpin-1.31.0/src/runner/service.cpp
Examining data/pushpin-1.31.0/src/runner/service.h
Examining data/pushpin-1.31.0/src/runner/mongrel2service.h
Examining data/pushpin-1.31.0/src/runner/tests/templatetest/templatetest.cpp
Examining data/pushpin-1.31.0/src/runner/mongrel2service.cpp
Examining data/pushpin-1.31.0/src/runner/m2adapterservice.cpp
Examining data/pushpin-1.31.0/src/runner/template.h
Examining data/pushpin-1.31.0/src/runner/pushpinproxyservice.cpp
Examining data/pushpin-1.31.0/src/runner/condureservice.h
Examining data/pushpin-1.31.0/src/runner/zurlservice.h
Examining data/pushpin-1.31.0/src/corelib/zwebsocket.h
Examining data/pushpin-1.31.0/src/corelib/packet/statspacket.cpp
Examining data/pushpin-1.31.0/src/corelib/packet/zrpcresponsepacket.h
Examining data/pushpin-1.31.0/src/corelib/packet/httprequestdata.h
Examining data/pushpin-1.31.0/src/corelib/packet/zrpcrequestpacket.h
Examining data/pushpin-1.31.0/src/corelib/packet/retryrequestpacket.h
Examining data/pushpin-1.31.0/src/corelib/packet/retryrequestpacket.cpp
Examining data/pushpin-1.31.0/src/corelib/packet/statspacket.h
Examining data/pushpin-1.31.0/src/corelib/packet/wscontrolpacket.h
Examining data/pushpin-1.31.0/src/corelib/packet/wscontrolpacket.cpp
Examining data/pushpin-1.31.0/src/corelib/packet/httpresponsedata.h
Examining data/pushpin-1.31.0/src/corelib/packet/zrpcrequestpacket.cpp
Examining data/pushpin-1.31.0/src/corelib/packet/zrpcresponsepacket.cpp
Examining data/pushpin-1.31.0/src/corelib/logutil.h
Examining data/pushpin-1.31.0/src/corelib/qzmq/examples/helloclient/helloclient.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/examples/helloserver/helloserver.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreprouter.h
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqcontext.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreprouter.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.h
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreqmessage.h
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqvalve.cpp
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqcontext.h
Examining data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqvalve.h
Examining data/pushpin-1.31.0/src/corelib/uuidutil.h
Examining data/pushpin-1.31.0/src/corelib/zrpcrequest.h
Examining data/pushpin-1.31.0/src/corelib/zhttprequest.cpp
Examining data/pushpin-1.31.0/src/corelib/zutil.h
Examining data/pushpin-1.31.0/src/corelib/zwebsocket.cpp
Examining data/pushpin-1.31.0/src/corelib/uuidutil.cpp
Examining data/pushpin-1.31.0/src/corelib/zrpcrequest.cpp
Examining data/pushpin-1.31.0/src/corelib/websocket.h
Examining data/pushpin-1.31.0/src/corelib/zutil.cpp
Examining data/pushpin-1.31.0/src/corelib/httprequest.h
Examining data/pushpin-1.31.0/src/corelib/common/zhttprequestpacket.cpp
Examining data/pushpin-1.31.0/src/corelib/common/processquit.cpp
Examining data/pushpin-1.31.0/src/corelib/common/bufferlist.cpp
Examining data/pushpin-1.31.0/src/corelib/common/httpheaders.h
Examining data/pushpin-1.31.0/src/corelib/common/tnetstring.h
Examining data/pushpin-1.31.0/src/corelib/common/httpheaders.cpp
Examining data/pushpin-1.31.0/src/corelib/common/zhttpresponsepacket.h
Examining data/pushpin-1.31.0/src/corelib/common/log.cpp
Examining data/pushpin-1.31.0/src/corelib/common/processquit.h
Examining data/pushpin-1.31.0/src/corelib/common/zhttpresponsepacket.cpp
Examining data/pushpin-1.31.0/src/corelib/common/zhttprequestpacket.h
Examining data/pushpin-1.31.0/src/corelib/common/tests/httpheaderstest/httpheaderstest.cpp
Examining data/pushpin-1.31.0/src/corelib/common/bufferlist.h
Examining data/pushpin-1.31.0/src/corelib/common/layertracker.h
Examining data/pushpin-1.31.0/src/corelib/common/log.h
Examining data/pushpin-1.31.0/src/corelib/common/layertracker.cpp
Examining data/pushpin-1.31.0/src/corelib/common/tnetstring.cpp
Examining data/pushpin-1.31.0/src/corelib/cors.h
Examining data/pushpin-1.31.0/src/corelib/cors.cpp
Examining data/pushpin-1.31.0/src/corelib/zhttpmanager.h
Examining data/pushpin-1.31.0/src/corelib/inspectdata.h
Examining data/pushpin-1.31.0/src/corelib/logutil.cpp
Examining data/pushpin-1.31.0/src/corelib/statsmanager.cpp
Examining data/pushpin-1.31.0/src/corelib/settings.cpp
Examining data/pushpin-1.31.0/src/corelib/zrpcmanager.cpp
Examining data/pushpin-1.31.0/src/corelib/statsmanager.h
Examining data/pushpin-1.31.0/src/corelib/zhttprequest.h
Examining data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp
Examining data/pushpin-1.31.0/src/corelib/zrpcmanager.h
Examining data/pushpin-1.31.0/src/corelib/statusreasons.h
Examining data/pushpin-1.31.0/src/corelib/settings.h
Examining data/pushpin-1.31.0/src/corelib/statusreasons.cpp
Examining data/pushpin-1.31.0/src/corelib/wscontrol.h
FINAL RESULTS:
data/pushpin-1.31.0/src/corelib/common/log.cpp:66:7: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
str.vsprintf(fmt, ap);
data/pushpin-1.31.0/src/corelib/common/tnetstring.cpp:373:21: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
out += QString().sprintf("\\x%02x", (unsigned char)c);
data/pushpin-1.31.0/src/corelib/logutil.cpp:95:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
str.vsprintf(fmt, ap);
data/pushpin-1.31.0/src/corelib/logutil.cpp:102:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
str.vsprintf(fmt, ap);
data/pushpin-1.31.0/src/corelib/logutil.cpp:109:6: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
str.vsprintf(fmt, ap);
data/pushpin-1.31.0/src/corelib/logutil.cpp:193:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
msg += QString().sprintf(" shared=%p", data.sharedBy);
data/pushpin-1.31.0/src/corelib/common/bufferlist.cpp:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp, buf.data() + offset, bsize);
data/pushpin-1.31.0/src/corelib/common/bufferlist.cpp:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp, buf.data() + offset_, bsize);
data/pushpin-1.31.0/src/corelib/common/log.cpp:131:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fname.toLocal8Bit().data(), "a");
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.cpp:542:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zmq_msg_data(&msg), buf.data(), buf.size());
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqvalve.cpp:131:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Valve::open()
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqvalve.h:45:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:232:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
client_in_valve->open();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:277:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
server_in_valve->open();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:301:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
server_in_stream_valve->open();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:1186:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->server_in_valve->open();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:1221:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->server_in_valve->open();
data/pushpin-1.31.0/src/corelib/zrpcmanager.cpp:115:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
clientValve->open();
data/pushpin-1.31.0/src/corelib/zrpcmanager.cpp:140:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
serverValve->open();
data/pushpin-1.31.0/src/corelib/zrpcmanager.cpp:309:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->serverValve->open();
data/pushpin-1.31.0/src/handler/app.cpp:222:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/pushpin-1.31.0/src/handler/engine.cpp:1505:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inPullValve->open();
data/pushpin-1.31.0/src/handler/engine.cpp:1507:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inSubValve->open();
data/pushpin-1.31.0/src/handler/engine.cpp:1509:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
wsControlInValve->open();
data/pushpin-1.31.0/src/handler/engine.cpp:1511:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proxyStatsValve->open();
data/pushpin-1.31.0/src/handler/tests/enginetest/enginetest.cpp:114:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpClientInValve->open();
data/pushpin-1.31.0/src/handler/tests/enginetest/enginetest.cpp:115:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpServerInValve->open();
data/pushpin-1.31.0/src/handler/tests/enginetest/enginetest.cpp:116:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpServerInStreamValve->open();
data/pushpin-1.31.0/src/handler/tests/enginetest/enginetest.cpp:123:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
proxyAcceptValve->open();
data/pushpin-1.31.0/src/m2adapter/app.cpp:527:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m2_in_valve->open();
data/pushpin-1.31.0/src/m2adapter/app.cpp:530:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttp_in_valve->open();
data/pushpin-1.31.0/src/m2adapter/app.cpp:532:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zws_in_valve->open();
data/pushpin-1.31.0/src/m2adapter/app.cpp:567:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/pushpin-1.31.0/src/m2adapter/app.cpp:1976:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.data() + 2, zresp.body.data(), zresp.body.size());
data/pushpin-1.31.0/src/proxy/app.cpp:247:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/pushpin-1.31.0/src/proxy/domainmap.cpp:178:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QFile::ReadOnly))
data/pushpin-1.31.0/src/proxy/engine.cpp:278:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handler_retry_in_valve->open();
data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp:139:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpClientInValve->open();
data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp:140:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpServerInValve->open();
data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp:141:29: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
zhttpServerInStreamValve->open();
data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp:150:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handlerInspectValve->open();
data/pushpin-1.31.0/src/proxy/tests/enginetest/enginetest.cpp:151:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handlerAcceptValve->open();
data/pushpin-1.31.0/src/proxy/websocketoverhttp.cpp:589:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf.data() + 2, rawReason.data(), rawReason.size());
data/pushpin-1.31.0/src/proxy/wscontrolmanager.cpp:122:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
inValve->open();
data/pushpin-1.31.0/src/runner/app.cpp:351:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file.open(QIODevice::ReadOnly))
data/pushpin-1.31.0/src/runner/service.cpp:188:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QFile::WriteOnly | QFile::Truncate))
data/pushpin-1.31.0/src/runner/template.cpp:453:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!in.open(QFile::ReadOnly | QFile::Text))
data/pushpin-1.31.0/src/runner/template.cpp:473:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!out.open(QFile::WriteOnly | QFile::Truncate))
data/pushpin-1.31.0/tools/echo/echo.cpp:128:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open(QFile::ReadOnly);
data/pushpin-1.31.0/tools/publish/main.cpp:328:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!f.open(QFile::ReadOnly))
data/pushpin-1.31.0/src/corelib/common/processquit.cpp:226:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(::read(sig_pipe[0], &c, 1) == -1)
data/pushpin-1.31.0/src/corelib/qzmq/examples/helloclient/helloclient.cpp:36:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> resp = sock.read();
data/pushpin-1.31.0/src/corelib/qzmq/examples/helloserver/helloserver.cpp:28:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QZmq::ReqMessage msg = sock.read();
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreprouter.cpp:91:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReqMessage RepRouter::read()
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreprouter.cpp:93:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ReqMessage(d->sock->read());
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqreprouter.h:48:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ReqMessage read();
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.cpp:440:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> read()
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.cpp:748:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> Socket::read()
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.cpp:750:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return d->read();
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqsocket.h:98:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> read();
data/pushpin-1.31.0/src/corelib/qzmq/src/qzmqvalve.cpp:80:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> msg = sock->read();
data/pushpin-1.31.0/src/corelib/zhttpmanager.cpp:697:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> msg = client_req_sock->read();
data/pushpin-1.31.0/src/handler/simplehttpserver.cpp:231:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inBuf += sock->read(maxHeadersSize - inBuf.size());
data/pushpin-1.31.0/src/handler/simplehttpserver.cpp:318:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reqBody += sock->read(maxBodySize - reqBody.size() + 1);
data/pushpin-1.31.0/src/m2adapter/app.cpp:2755:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QList<QByteArray> message = sock->read();
ANALYSIS SUMMARY:
Hits = 65
Lines analyzed = 53079 in approximately 1.08 seconds (49270 lines/second)
Physical Source Lines of Code (SLOC) = 38225
Hits@level = [0] 36 [1] 15 [2] 44 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 101 [1+] 65 [2+] 50 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 2.64225 [1+] 1.70046 [2+] 1.30804 [3+] 0.156965 [4+] 0.156965 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.