Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qtwebview-opensource-src-5.15.2/examples/webview/minibrowser/main.cpp
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qabstractwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qnativeviewcontroller_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qquickviewcontroller_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qquickwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qquickwebviewloadrequest_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qwebviewfactory_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qwebviewinterface_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qwebviewloadrequest_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/5.15.2/QtWebView/private/qwebviewplugin_p.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/qtwebviewfunctions.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/qtwebviewversion.h
Examining data/qtwebview-opensource-src-5.15.2/include/QtWebView/qwebview_global.h
Examining data/qtwebview-opensource-src-5.15.2/src/imports/webview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/android/qandroidwebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/android/qandroidwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/android/qandroidwebviewplugin.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/darwin/qdarwinwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/darwin/qdarwinwebviewplugin.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/webengine/qwebenginewebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/webengine/qwebenginewebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/webengine/qwebenginewebviewplugin.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/winrt/qwinrtwebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/winrt/qwinrtwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/plugins/winrt/qwinrtwebviewplugin.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qabstractwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qnativeviewcontroller_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickviewcontroller.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickviewcontroller_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickwebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickwebviewloadrequest.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qquickwebviewloadrequest_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qtwebviewfunctions.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qtwebviewfunctions.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebview_global.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebview_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewfactory.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewfactory_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewinterface_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewloadrequest.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewloadrequest_p.h
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewplugin.cpp
Examining data/qtwebview-opensource-src-5.15.2/src/webview/qwebviewplugin_p.h
Examining data/qtwebview-opensource-src-5.15.2/tests/auto/qml/qquickwebview/tst_qquickwebview.cpp
Examining data/qtwebview-opensource-src-5.15.2/tests/auto/qml/shared/qt_webview_quicktest.h
Examining data/qtwebview-opensource-src-5.15.2/tests/auto/qml/shared/testwindow.h
Examining data/qtwebview-opensource-src-5.15.2/tests/auto/qml/shared/util.h
Examining data/qtwebview-opensource-src-5.15.2/tests/auto/webview/qwebview/tst_qwebview.cpp
FINAL RESULTS:
data/qtwebview-opensource-src-5.15.2/src/plugins/winrt/qwinrtwebview.cpp:386:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[255];
data/qtwebview-opensource-src-5.15.2/tests/auto/webview/qwebview/tst_qwebview.cpp:94:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(file.open(),
data/qtwebview-opensource-src-5.15.2/tests/auto/webview/qwebview/tst_qwebview.cpp:154:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
QVERIFY2(file.open(),
ANALYSIS SUMMARY:
Hits = 3
Lines analyzed = 5497 in approximately 0.19 seconds (28817 lines/second)
Physical Source Lines of Code (SLOC) = 3081
Hits@level = [0] 0 [1] 0 [2] 3 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 3 [1+] 3 [2+] 3 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.97371 [1+] 0.97371 [2+] 0.97371 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.