Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/basiclayouts/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/event.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/event.h
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/sqleventmodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/sqleventmodel.h
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/filesystembrowser/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/gallery/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/shared/qtquickcontrolsapplication.h
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/styles/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/tableview/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/tableview/src/sortfilterproxymodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/tableview/src/sortfilterproxymodel.h
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/texteditor/src/documenthandler.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/texteditor/src/documenthandler.h
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/texteditor/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/touch/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/uiforms/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/dialogs/systemdialogs/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/extras/dashboard/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/extras/flat/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/extras/gallery/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickabstractstyle.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickabstractstyle_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcalendarmodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcalendarmodel_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcontrolsettings.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcontrolsettings_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcontrolsprivate.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickcontrolsprivate_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickpadding_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickrangeddate.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickrangeddate_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickrangemodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickrangemodel_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickrangemodel_p_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicksceneposlistener.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicksceneposlistener_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickspinboxvalidator.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickspinboxvalidator_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickstyleitem.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickstyleitem_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicktooltip.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicktooltip_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicktreemodeladaptor.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquicktreemodeladaptor_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickwheelarea.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Private/qquickwheelarea_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/plugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/qquickandroid9patch.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/qquickandroid9patch_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/qquickandroidstyle.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/qquickandroidstyle_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/WinRT/plugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/plugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/plugin.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickaction.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickaction_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickdesktopiconprovider_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickexclusivegroup.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickexclusivegroup_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenu.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenu_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenubar.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenubar_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenuitem.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenuitem_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenuitemcontainer_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenupopupwindow.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickmenupopupwindow_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickpopupwindow.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickpopupwindow_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickselectionmode_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickstack.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/controls/qquickstack_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/Private/dialogsprivateplugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/Private/qquickfontlistmodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/Private/qquickfontlistmodel_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/Private/qquickwritingsystemlistmodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/Private/qquickwritingsystemlistmodel_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/plugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractcolordialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractcolordialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractfiledialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractfiledialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractfontdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractfontdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractmessagedialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractmessagedialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickcolordialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickcolordialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickdialogassets_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickfiledialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickfiledialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickfontdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickfontdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickmessagedialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickmessagedialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformcolordialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformcolordialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformfiledialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformfiledialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformfontdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformfontdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformmessagedialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickplatformmessagedialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickcircularprogressbar.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickcircularprogressbar_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickflatprogressbar.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickflatprogressbar_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickmathutils.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickmathutils_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickmousethief.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Private/qquickmousethief_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Styles/Flat/flatstyleplugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Styles/Flat/flatstyleplugin.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Styles/Flat/qquicktexthandle.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/Styles/Flat/qquicktexthandle.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/plugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/plugin.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/qquickpicture.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/qquickpicture_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/extras/qquicktriggermode_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qmessageboxhelper_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqcolordialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqcolordialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqfiledialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqfiledialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqfontdialog.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqfontdialog_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqmessagebox.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/qquickqmessagebox_p.h
Examining data/qtquickcontrols-opensource-src-5.15.2/src/widgets/widgetsplugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/activeFocusOnTab/tst_activeFocusOnTab.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/applicationwindow/tst_applicationwindow.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/controls/tst_controls.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/customcontrolsstyle/tst_customcontrolsstyle.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/dialogs/tst_dialogs.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/extras/tst_extras.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/qquicktreemodeladaptor/tst_qquicktreemodeladaptor.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/shared/testmodel.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/shared/util.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/shared/util.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/shared/visualtestutil.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/shared/visualtestutil.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/testplugin/testcppmodels.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/testplugin/testplugin.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/auto/testplugin/testplugin.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/benchmarks/objectcount/tst_objectcount.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/benchmarks/startup/startup_bench.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/benchmarks/statusindicator/tst_statusindicator.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/combobox/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/tableviewmodels/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/tableviewmodels/testmodel.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/tableviewmodels/testmodel.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/texthandles/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/viewinqwidget/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/manual/workshop/src/main.cpp
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/shared/qt_quick_controls_quicktest.h
Examining data/qtquickcontrols-opensource-src-5.15.2/tests/shared/qt_quick_controls_testapp.h
FINAL RESULTS:
data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/filesystembrowser/main.cpp:123:42: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QVariant(QLocale::system().toString(fileInfo(index).lastModified(), QLocale::ShortFormat));
data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/calendar/src/sqleventmodel.cpp:99:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!db.open()) {
data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/texteditor/src/documenthandler.cpp:90:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly)) {
data/qtquickcontrols-opensource-src-5.15.2/examples/quickcontrols/controls/texteditor/src/documenthandler.cpp:140:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f.open(QFile::WriteOnly | QFile::Truncate | (isHtml ? QFile::NotOpen : QFile::Text))) {
data/qtquickcontrols-opensource-src-5.15.2/src/controls/Styles/Android/qquickandroidstyle.cpp:49:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file.open(QFile::ReadOnly | QFile::Text))
data/qtquickcontrols-opensource-src-5.15.2/src/dialogs/qquickabstractdialog_p.h:123:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open() { setVisible(true); }
ANALYSIS SUMMARY:
Hits = 6
Lines analyzed = 29010 in approximately 0.94 seconds (30716 lines/second)
Physical Source Lines of Code (SLOC) = 15646
Hits@level = [0] 2 [1] 0 [2] 5 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 8 [1+] 6 [2+] 6 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 0.511313 [1+] 0.383485 [2+] 0.383485 [3+] 0.0639141 [4+] 0.0639141 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.