Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/qt4helpers.h
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Parser.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Lexer.h
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Parser.h
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/main.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/ParserHelper.h
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Lexer.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/oauth.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/qt4helpers.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/EverCloudException.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/Optional.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/AsyncResult.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/EventLoopFinisher.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/QEverCloud.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/exceptions.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/thumbnail.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/QEverCloudOAuth.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/export.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/headers/globals.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/http.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/EverCloudException.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/EventLoopFinisher.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/http.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/tests/TestQEverCloud.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/globals.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/services_nongenerated.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/thumbnail.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/exceptions.cpp
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/impl.h
Examining data/qevercloud-3.0.3+ds/QEverCloud/src/AsyncResult.cpp

FINAL RESULTS:

data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:38:17: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    quint64 random;
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:39:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::memcpy(&random, &randomData.constData()[0], sizeof(random));
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:39:65: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::memcpy(&random, &randomData.constData()[0], sizeof(random));
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:40:16: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    res ^= random;
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:41:22: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::memcpy(&random, &randomData.constData()[sizeof(random)], sizeof(random));
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:41:61: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::memcpy(&random, &randomData.constData()[sizeof(random)], sizeof(random));
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:41:78: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::memcpy(&random, &randomData.constData()[sizeof(random)], sizeof(random));
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:42:16: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    res ^= random;
data/qevercloud-3.0.3+ds/QEverCloud/headers/oauth.h:204:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void open();
data/qevercloud-3.0.3+ds/QEverCloud/headers/oauth.h:206:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    virtual void open() Q_DECL_OVERRIDE;
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:358:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    void EvernoteOAuthDialog::open()
data/qevercloud-3.0.3+ds/QEverCloud/src/oauth.cpp:361:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    QDialog::open();
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:283:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(dest, m_buf.mid(m_pos, bytesCount).constData(), static_cast<std::size_t>(bytesCount));
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:597:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!headerFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:636:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!bodyFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:841:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!headerFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:855:34: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!EDAMErrorCodeHeaderFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:1087:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!headerFile2.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:1119:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!bodyFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:1223:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(!headerFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Generator.cpp:1355:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if (!bodyFile.open(QIODevice::WriteOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloudGenerator/thrift_parser/Lexer.cpp:15:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if(!file.open(QIODevice::ReadOnly|QIODevice::Text)) {
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:273:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    void read(quint8 * dest, qint32 bytesCount)
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:404:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(b, 1);
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:412:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(b, 1);
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:424:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(theBytes.b, 2);
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:436:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(theBytes.b, 4);
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:448:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(theBytes.b, 8);
data/qevercloud-3.0.3+ds/QEverCloud/src/thrift.h:462:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    read(theBytes.b, 8);

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 6433 in approximately 0.21 seconds (29945 lines/second)
Physical Source Lines of Code (SLOC) = 4691
Hits@level = [0] 0 [1] 7 [2] 14 [3] 8 [4] 0 [5] 0
Hits@level+ = [0+] 29 [1+] 29 [2+] 22 [3+] 8 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 6.18205 [1+] 6.18205 [2+] 4.68983 [3+] 1.70539 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.