Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/redditclient/main.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/redditclient/redditmodel.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/redditclient/redditmodel.h Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/redditclient/redditwrapper.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/redditclient/redditwrapper.h Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/twittertimeline/main.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/twittertimeline/twitter.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/twittertimeline/twitter.h Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/twittertimeline/twittertimelinemodel.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/examples/oauth/twittertimeline/twittertimelinemodel.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qabstractoauth2_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qabstractoauth_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qabstractoauthreplyhandler_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qoauth1_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qoauth1signature_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qoauth2authorizationcodeflow_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/5.15.2/QtNetworkAuth/private/qoauthhttpserverreplyhandler_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qabstractoauth.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qabstractoauth2.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qabstractoauthreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauth1.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauth1signature.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauth2authorizationcodeflow.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauthglobal.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauthhttpserverreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qoauthoobreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/include/QtNetworkAuth/qtnetworkauthversion.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth2.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth2.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth2_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauth_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauthreplyhandler.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauthreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qabstractoauthreplyhandler_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1signature.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1signature.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth1signature_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth2authorizationcodeflow.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth2authorizationcodeflow.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauth2authorizationcodeflow_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthglobal.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler_p.h Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthoobreplyhandler.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthoobreplyhandler.h Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/abstractoauth/tst_abstractoauth.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/oauth1/tst_oauth1.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/oauth1signature/tst_oauth1signature.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/oauth2/tst_oauth2.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/oauthhttpserverreplyhandler/tst_oauthhttpserverreplyhandler.cpp Examining data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h FINAL RESULTS: data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.cpp:147:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const auto c = socket->read(1).at(0); data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.cpp:179:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const auto c = socket->read(1).at(0); data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.cpp:207:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fragment += socket->read(1); data/qtnetworkauth-everywhere-src-5.15.2/src/oauth/qoauthhttpserverreplyhandler.cpp:230:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fragment += socket->read(1); data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h:157:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const auto c = socket->read(1).at(0); data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h:191:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const auto c = socket->read(1).at(0); data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h:218:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fragment += socket->read(1); data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h:242:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fragment += socket->read(1); data/qtnetworkauth-everywhere-src-5.15.2/tests/auto/shared/webserver.h:274:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int got = socket->read(&fragment.data()[fragment.size() - bytesLeft], bytesLeft); ANALYSIS SUMMARY: Hits = 9 Lines analyzed = 8161 in approximately 0.24 seconds (33404 lines/second) Physical Source Lines of Code (SLOC) = 4686 Hits@level = [0] 0 [1] 9 [2] 0 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 9 [1+] 9 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.92061 [1+] 1.92061 [2+] 0 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.