stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qhttpengine-0.1.0+dfsg1/examples/chatserver/apihandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/examples/chatserver/apihandler.h
Examining data/qhttpengine-0.1.0+dfsg1/examples/chatserver/main.cpp
Examining data/qhttpengine-0.1.0+dfsg1/examples/fileserver/main.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qfilesystemhandler.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qhttphandler.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qhttpparser.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qhttpserver.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qhttpsocket.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qibytearray.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qiodevicecopier.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qlocalfile.h
Examining data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qobjecthandler.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qfilesystemhandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qfilesystemhandler_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttphandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttphandler_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttpparser.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttpserver.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttpserver_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttpsocket.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qhttpsocket_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qibytearray.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qiodevicecopier.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qiodevicecopier_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qlocalfile.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qlocalfile_p.h
Examining data/qhttpengine-0.1.0+dfsg1/src/qobjecthandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/src/qobjecthandler_p.h
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQFilesystemHandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQHttpHandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQHttpParser.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQHttpServer.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQHttpSocket.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQIByteArray.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQIODeviceCopier.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQLocalFile.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/TestQObjectHandler.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/common/qsimplehttpclient.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/common/qsimplehttpclient.h
Examining data/qhttpengine-0.1.0+dfsg1/tests/common/qsocketpair.cpp
Examining data/qhttpengine-0.1.0+dfsg1/tests/common/qsocketpair.h

FINAL RESULTS:

data/qhttpengine-0.1.0+dfsg1/src/qlocalfile.cpp:48:12:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    return chmod(q->fileName().toUtf8().constData(), S_IRUSR | S_IWUSR) == 0;
data/qhttpengine-0.1.0+dfsg1/src/QHttpEngine/qlocalfile.h:71:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bool open();
data/qhttpengine-0.1.0+dfsg1/src/qfilesystemhandler.cpp:75:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(!file->open(QIODevice::ReadOnly)) {
data/qhttpengine-0.1.0+dfsg1/src/qhttpsocket.cpp:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, d->readBuffer.constData(), size);
data/qhttpengine-0.1.0+dfsg1/src/qiodevicecopier.cpp:105:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if(!d->src->open(QIODevice::ReadOnly)) {
data/qhttpengine-0.1.0+dfsg1/src/qiodevicecopier.cpp:113:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if(!d->dest->open(QIODevice::WriteOnly)) {
data/qhttpengine-0.1.0+dfsg1/src/qlocalfile.cpp:125:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
bool QLocalFile::open()
data/qhttpengine-0.1.0+dfsg1/src/qlocalfile.cpp:127:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return QFile::open(QIODevice::WriteOnly) && d->setPermission() && d->setHidden();
data/qhttpengine-0.1.0+dfsg1/tests/TestQFilesystemHandler.cpp:117:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if(!file.open(QIODevice::WriteOnly)) {
data/qhttpengine-0.1.0+dfsg1/tests/TestQLocalFile.cpp:50:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    QVERIFY(file.open());
data/qhttpengine-0.1.0+dfsg1/src/qiodevicecopier.cpp:63:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    qint64 dataRead = src->read(data.data(), bufferSize);

ANALYSIS SUMMARY:

Hits = 11
Lines analyzed = 4321 in approximately 0.19 seconds (22781 lines/second)
Physical Source Lines of Code (SLOC) = 2070
Hits@level = [0]   0 [1]   1 [2]   9 [3]   0 [4]   0 [5]   1
Hits@level+ = [0+]  11 [1+]  11 [2+]  10 [3+]   1 [4+]   1 [5+]   1
Hits/KSLOC@level+ = [0+] 5.31401 [1+] 5.31401 [2+] 4.83092 [3+] 0.483092 [4+] 0.483092 [5+] 0.483092
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.