Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ricochet-im-1.1.4/config.tests/mingw-64aslr/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/sanitize-ubsan-more/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/sanitize-ubsan/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/sanitize/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/stack-protector-strong/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/stack-protector/test.cpp
Examining data/ricochet-im-1.1.4/config.tests/vtable-verify/test.cpp
Examining data/ricochet-im-1.1.4/src/core/ContactIDValidator.cpp
Examining data/ricochet-im-1.1.4/src/core/ContactIDValidator.h
Examining data/ricochet-im-1.1.4/src/core/ContactUser.cpp
Examining data/ricochet-im-1.1.4/src/core/ContactUser.h
Examining data/ricochet-im-1.1.4/src/core/ContactsManager.cpp
Examining data/ricochet-im-1.1.4/src/core/ContactsManager.h
Examining data/ricochet-im-1.1.4/src/core/ConversationModel.cpp
Examining data/ricochet-im-1.1.4/src/core/ConversationModel.h
Examining data/ricochet-im-1.1.4/src/core/IdentityManager.cpp
Examining data/ricochet-im-1.1.4/src/core/IdentityManager.h
Examining data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp
Examining data/ricochet-im-1.1.4/src/core/IncomingRequestManager.h
Examining data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.cpp
Examining data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.h
Examining data/ricochet-im-1.1.4/src/core/UserIdentity.cpp
Examining data/ricochet-im-1.1.4/src/core/UserIdentity.h
Examining data/ricochet-im-1.1.4/src/main.cpp
Examining data/ricochet-im-1.1.4/src/protocol/AuthHiddenServiceChannel.cpp
Examining data/ricochet-im-1.1.4/src/protocol/AuthHiddenServiceChannel.h
Examining data/ricochet-im-1.1.4/src/protocol/Channel.cpp
Examining data/ricochet-im-1.1.4/src/protocol/Channel.h
Examining data/ricochet-im-1.1.4/src/protocol/Channel_p.h
Examining data/ricochet-im-1.1.4/src/protocol/ChatChannel.cpp
Examining data/ricochet-im-1.1.4/src/protocol/ChatChannel.h
Examining data/ricochet-im-1.1.4/src/protocol/Connection.cpp
Examining data/ricochet-im-1.1.4/src/protocol/Connection.h
Examining data/ricochet-im-1.1.4/src/protocol/Connection_p.h
Examining data/ricochet-im-1.1.4/src/protocol/ContactRequestChannel.cpp
Examining data/ricochet-im-1.1.4/src/protocol/ContactRequestChannel.h
Examining data/ricochet-im-1.1.4/src/protocol/ControlChannel.cpp
Examining data/ricochet-im-1.1.4/src/protocol/ControlChannel.h
Examining data/ricochet-im-1.1.4/src/protocol/OutboundConnector.cpp
Examining data/ricochet-im-1.1.4/src/protocol/OutboundConnector.h
Examining data/ricochet-im-1.1.4/src/tor/AddOnionCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/AddOnionCommand.h
Examining data/ricochet-im-1.1.4/src/tor/AuthenticateCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/AuthenticateCommand.h
Examining data/ricochet-im-1.1.4/src/tor/GetConfCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/GetConfCommand.h
Examining data/ricochet-im-1.1.4/src/tor/HiddenService.cpp
Examining data/ricochet-im-1.1.4/src/tor/HiddenService.h
Examining data/ricochet-im-1.1.4/src/tor/ProtocolInfoCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/ProtocolInfoCommand.h
Examining data/ricochet-im-1.1.4/src/tor/SetConfCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/SetConfCommand.h
Examining data/ricochet-im-1.1.4/src/tor/TorControl.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorControl.h
Examining data/ricochet-im-1.1.4/src/tor/TorControlCommand.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorControlCommand.h
Examining data/ricochet-im-1.1.4/src/tor/TorControlSocket.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorControlSocket.h
Examining data/ricochet-im-1.1.4/src/tor/TorManager.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorManager.h
Examining data/ricochet-im-1.1.4/src/tor/TorProcess.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorProcess.h
Examining data/ricochet-im-1.1.4/src/tor/TorProcess_p.h
Examining data/ricochet-im-1.1.4/src/tor/TorSocket.cpp
Examining data/ricochet-im-1.1.4/src/tor/TorSocket.h
Examining data/ricochet-im-1.1.4/src/ui/ContactsModel.cpp
Examining data/ricochet-im-1.1.4/src/ui/ContactsModel.h
Examining data/ricochet-im-1.1.4/src/ui/LanguagesModel.cpp
Examining data/ricochet-im-1.1.4/src/ui/LanguagesModel.h
Examining data/ricochet-im-1.1.4/src/ui/LinkedText.cpp
Examining data/ricochet-im-1.1.4/src/ui/LinkedText.h
Examining data/ricochet-im-1.1.4/src/ui/MainWindow.cpp
Examining data/ricochet-im-1.1.4/src/ui/MainWindow.h
Examining data/ricochet-im-1.1.4/src/utils/CryptoKey.cpp
Examining data/ricochet-im-1.1.4/src/utils/CryptoKey.h
Examining data/ricochet-im-1.1.4/src/utils/PendingOperation.cpp
Examining data/ricochet-im-1.1.4/src/utils/PendingOperation.h
Examining data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp
Examining data/ricochet-im-1.1.4/src/utils/SecureRNG.h
Examining data/ricochet-im-1.1.4/src/utils/Settings.cpp
Examining data/ricochet-im-1.1.4/src/utils/Settings.h
Examining data/ricochet-im-1.1.4/src/utils/StringUtil.cpp
Examining data/ricochet-im-1.1.4/src/utils/StringUtil.h
Examining data/ricochet-im-1.1.4/src/utils/Useful.h
Examining data/ricochet-im-1.1.4/tests/tst_cryptokey/tst_cryptokey.cpp

FINAL RESULTS:

data/ricochet-im-1.1.4/src/main.cpp:332:31: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale locale = QLocale::system();
data/ricochet-im-1.1.4/src/protocol/AuthHiddenServiceChannel.cpp:134:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  d->serverCookie = SecureRNG::random(16);
data/ricochet-im-1.1.4/src/protocol/AuthHiddenServiceChannel.cpp:153:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  d->clientCookie = SecureRNG::random(16);
data/ricochet-im-1.1.4/src/utils/CryptoKey.cpp:332:34: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  QByteArray salt = SecureRNG::random(8);
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:96:17: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  void SecureRNG::random(char *buf, int size)
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:103:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  QByteArray SecureRNG::random(int size)
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:106:5: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(re.data(), size);
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:125:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  random(reinterpret_cast<char*>(&value), sizeof(value));
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:142:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327).
  Use a more secure technique for acquiring random values.
  random(reinterpret_cast<char*>(value), sizeof(value));
data/ricochet-im-1.1.4/src/utils/SecureRNG.h:43:17: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  static void random(char *buf, int size);
data/ricochet-im-1.1.4/src/utils/SecureRNG.h:44:23: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  static QByteArray random(int size);
data/ricochet-im-1.1.4/src/tor/TorControl.cpp:340:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly))
data/ricochet-im-1.1.4/src/tor/TorControl.cpp:659:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Text)) {
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:316:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly))
data/ricochet-im-1.1.4/src/tor/TorProcess.cpp:227:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!torrc.open(QIODevice::ReadWrite)) {
data/ricochet-im-1.1.4/src/tor/TorProcess.cpp:287:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (file.open(QIODevice::ReadOnly)) {
data/ricochet-im-1.1.4/src/ui/MainWindow.cpp:166:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/ricochet-im-1.1.4/src/utils/CryptoKey.cpp:117:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))
data/ricochet-im-1.1.4/src/utils/CryptoKey.cpp:349:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md[20];
data/ricochet-im-1.1.4/src/utils/SecureRNG.cpp:68:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/ricochet-im-1.1.4/src/utils/Settings.cpp:195:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadWrite)) {
data/ricochet-im-1.1.4/src/utils/Settings.cpp:232:15: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::WriteOnly | QIODevice::Truncate)) {
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:83:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (m_settings->read("request.status") != QJsonValue::Undefined) {
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:113:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } else if (settings()->read("rejected").toBool()) {
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:115:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } else if (settings()->read("sentUpgradeNotification").toBool()) {
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:182:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (m_settings->read("sentUpgradeNotification").toBool())
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:184:49: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray secret = m_settings->read<Base64Encode>("remoteSecret");
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:233:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!m_settings->read("sentUpgradeNotification").isNull())
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:241:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (m_settings->read("rejected").toBool()) {
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:286:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("nickname").toString();
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:296:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("hostname").toString();
data/ricochet-im-1.1.4/src/core/ContactUser.cpp:301:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("port", 9878).toInt();
data/ricochet-im-1.1.4/src/core/ContactsManager.cpp:136:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (secret == (*it)->settings()->read<Base64Encode>("localSecret"))
data/ricochet-im-1.1.4/src/core/IdentityManager.cpp:72:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (settings.read("identity") != QJsonValue::Undefined)
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:172:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonArray blacklist = settings->read<QJsonArray>("hostnameBlacklist");
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:181:60: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonArray blacklist = contacts->identity->settings()->read<QJsonArray>("hostnameBlacklist");
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:208:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  setNickname(settings.read("nickname").toString());
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:209:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  setMessage(settings.read("message").toString());
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:211:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_requestDate = settings.read<QDateTime>("requestDate");
data/ricochet-im-1.1.4/src/core/IncomingRequestManager.cpp:212:34: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  m_lastRequestDate = settings.read<QDateTime>("lastRequestDate");
data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.cpp:73:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("myNickname").toString();
data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.cpp:78:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("message").toString();
data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.cpp:83:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return static_cast<Status>(m_settings->read("status").toInt());
data/ricochet-im-1.1.4/src/core/OutgoingContactRequest.cpp:88:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("rejectMessage").toString();
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:82:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QString keyData = m_settings->read("serviceKey").toString();
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:83:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QString legacyDir = m_settings->read("dataDirectory").toString();
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:105:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } else if (!m_settings->read("initializing").toBool()) {
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:123:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QHostAddress address(m_settings->read("localListenAddress").toString());
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:126:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  quint16 port = (quint16)m_settings->read("localListenPort").toInt();
data/ricochet-im-1.1.4/src/core/UserIdentity.cpp:158:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return m_settings->read("nickname").toString();
data/ricochet-im-1.1.4/src/main.cpp:339:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QString settingsLanguage(settings.read("ui.language").toString());
data/ricochet-im-1.1.4/src/protocol/Connection.cpp:242:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (socket->read(reinterpret_cast<char*>(&version), 1) < 1) {
data/ricochet-im-1.1.4/src/protocol/Connection.cpp:282:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  re = socket->read(reinterpret_cast<char*>(intro), sizeof(intro));
data/ricochet-im-1.1.4/src/protocol/Connection.cpp:285:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  re = socket->read(versions.data(), versions.size());
data/ricochet-im-1.1.4/src/protocol/Connection.cpp:350:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  re = socket->read(reinterpret_cast<char*>(header), PacketHeaderSize);
data/ricochet-im-1.1.4/src/protocol/Connection.cpp:365:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  re = (data.size() == 0) ? 0 : socket->read(data.data(), data.size());
data/ricochet-im-1.1.4/src/tor/TorControl.cpp:403:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QHostAddress forceAddress(settings.read("socksAddress").toString());
data/ricochet-im-1.1.4/src/tor/TorControl.cpp:404:38: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  quint16 port = (quint16)settings.read("socksPort").toInt();
data/ricochet-im-1.1.4/src/tor/TorControl.cpp:476:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (settings.read("neverPublishServices").toBool())
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:153:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!settings.read("controlPort").isUndefined() ||
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:156:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QHostAddress address(settings.read("controlAddress").toString());
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:157:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  quint16 port = (quint16)settings.read("controlPort").toInt();
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:158:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QByteArray password = settings.read("controlPassword").toString().toLatin1();
data/ricochet-im-1.1.4/src/tor/TorManager.cpp:277:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QString path = settings.read("executablePath").toString();
data/ricochet-im-1.1.4/src/utils/Settings.cpp:67:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonValue read(const QJsonObject &base, const QStringList &path);
data/ricochet-im-1.1.4/src/utils/Settings.cpp:272:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonValue SettingsFilePrivate::read(const QJsonObject &base, const QStringList &path)
data/ricochet-im-1.1.4/src/utils/Settings.cpp:448:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  object = file->d->read(file->d->jsonRoot, path).toObject();
data/ricochet-im-1.1.4/src/utils/Settings.cpp:490:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  d->object = d->file->d->read(d->file->d->jsonRoot, d->path).toObject();
data/ricochet-im-1.1.4/src/utils/Settings.cpp:511:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonValue SettingsObject::read(const QString &key, const QJsonValue &defaultValue) const
data/ricochet-im-1.1.4/src/utils/Settings.cpp:520:34: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonValue ret = d->file->d->read(d->object, splitKey);
data/ricochet-im-1.1.4/src/utils/Settings.h:146:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  Q_INVOKABLE QJsonValue read(const QString &key, const QJsonValue &defaultValue = QJsonValue::Undefined) const;
data/ricochet-im-1.1.4/src/utils/Settings.h:147:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<typename T> T read(const QString &key) const;
data/ricochet-im-1.1.4/src/utils/Settings.h:153:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QJsonValue read(const char *key, const QJsonValue &defaultValue = QJsonValue::Undefined) const
data/ricochet-im-1.1.4/src/utils/Settings.h:155:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(QString::fromLatin1(key), defaultValue);
data/ricochet-im-1.1.4/src/utils/Settings.h:157:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<typename T> T read(const char *key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:159:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read<T>(QString::fromLatin1(key));
data/ricochet-im-1.1.4/src/utils/Settings.h:191:43: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline QString SettingsObject::read<QString>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:193:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toString();
data/ricochet-im-1.1.4/src/utils/Settings.h:196:46: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline QJsonArray SettingsObject::read<QJsonArray>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:198:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toArray();
data/ricochet-im-1.1.4/src/utils/Settings.h:201:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline QJsonObject SettingsObject::read<QJsonObject>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:203:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toObject();
data/ricochet-im-1.1.4/src/utils/Settings.h:206:42: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline double SettingsObject::read<double>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:208:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toDouble();
data/ricochet-im-1.1.4/src/utils/Settings.h:211:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline int SettingsObject::read<int>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:213:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toInt();
data/ricochet-im-1.1.4/src/utils/Settings.h:216:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline bool SettingsObject::read<bool>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:218:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(key).toBool();
data/ricochet-im-1.1.4/src/utils/Settings.h:221:45: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline QDateTime SettingsObject::read<QDateTime>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:223:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  QString value = read(key).toString();
data/ricochet-im-1.1.4/src/utils/Settings.h:246:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  template<> inline Base64Encode SettingsObject::read<Base64Encode>(const QString &key) const
data/ricochet-im-1.1.4/src/utils/Settings.h:248:48: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return Base64Encode(QByteArray::fromBase64(read(key).toString().toLatin1()));

ANALYSIS SUMMARY:

Hits = 92
Lines analyzed = 13639 in approximately 0.41 seconds (33213 lines/second)
Physical Source Lines of Code (SLOC) = 8345
Hits@level = [0] 0 [1] 70 [2] 11 [3] 10 [4] 1 [5] 0
Hits@level+ = [0+] 92 [1+] 92 [2+] 22 [3+] 11 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 11.0246 [1+] 11.0246 [2+] 2.63631 [3+] 1.31815 [4+] 0.119832 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.