Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sasm-3.11.1/watchsettingswidget.cpp
Examining data/sasm-3.11.1/masm.cpp
Examining data/sasm-3.11.1/assembler.cpp
Examining data/sasm-3.11.1/fasm.h
Examining data/sasm-3.11.1/common.h
Examining data/sasm-3.11.1/gas.h
Examining data/sasm-3.11.1/codeeditor.cpp
Examining data/sasm-3.11.1/tab.cpp
Examining data/sasm-3.11.1/common.cpp
Examining data/sasm-3.11.1/signallocker.cpp
Examining data/sasm-3.11.1/nasm.cpp
Examining data/sasm-3.11.1/ruqplaintextedit.cpp
Examining data/sasm-3.11.1/debugtablewidget.cpp
Examining data/sasm-3.11.1/gas.cpp
Examining data/sasm-3.11.1/mainwindow.h
Examining data/sasm-3.11.1/watchsettingswidget.h
Examining data/sasm-3.11.1/assembler.h
Examining data/sasm-3.11.1/nasm.h
Examining data/sasm-3.11.1/debuganycommandwidget.cpp
Examining data/sasm-3.11.1/Linux/share/sasm/NASM/macro.c
Examining data/sasm-3.11.1/ruqplaintextedit.h
Examining data/sasm-3.11.1/BSD/share/sasm/NASM/macro.c
Examining data/sasm-3.11.1/main.cpp
Examining data/sasm-3.11.1/debuganycommandwidget.h
Examining data/sasm-3.11.1/getstartedwidget.cpp
Examining data/sasm-3.11.1/gccbasedassembler.h
Examining data/sasm-3.11.1/highlighter.cpp
Examining data/sasm-3.11.1/gccbasedassembler.cpp
Examining data/sasm-3.11.1/mainwindow.cpp
Examining data/sasm-3.11.1/ruqtextedit.cpp
Examining data/sasm-3.11.1/ruqtextedit.h
Examining data/sasm-3.11.1/debugger.cpp
Examining data/sasm-3.11.1/finddialog.cpp
Examining data/sasm-3.11.1/getstartedwidget.h
Examining data/sasm-3.11.1/finddialog.h
Examining data/sasm-3.11.1/singleapplication/qtlockedfile_unix.cpp
Examining data/sasm-3.11.1/singleapplication/qtlocalpeer.h
Examining data/sasm-3.11.1/singleapplication/qtlockedfile_win.cpp
Examining data/sasm-3.11.1/singleapplication/qtsingleapplication.cpp
Examining data/sasm-3.11.1/singleapplication/qtlockedfile.cpp
Examining data/sasm-3.11.1/singleapplication/qtsingleapplication.h
Examining data/sasm-3.11.1/singleapplication/qtlocalpeer.cpp
Examining data/sasm-3.11.1/singleapplication/qtlockedfile.h
Examining data/sasm-3.11.1/tab.h
Examining data/sasm-3.11.1/masm.h
Examining data/sasm-3.11.1/highlighter.h
Examining data/sasm-3.11.1/signallocker.h
Examining data/sasm-3.11.1/fasm.cpp
Examining data/sasm-3.11.1/debugger.h
Examining data/sasm-3.11.1/debugtablewidget.h
Examining data/sasm-3.11.1/codeeditor.h

FINAL RESULTS:

data/sasm-3.11.1/BSD/share/sasm/NASM/macro.c:5:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void sasm_replace_stdin(void) {dup2(open("input.txt",0),0);}
data/sasm-3.11.1/Linux/share/sasm/NASM/macro.c:5:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void sasm_replace_stdin(void) {dup2(open("input.txt",0),0);}
data/sasm-3.11.1/debugger.cpp:561:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (lst.open(QIODevice::ReadOnly)) {
data/sasm-3.11.1/debugger.cpp:580:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lst.open(QIODevice::ReadOnly);
data/sasm-3.11.1/fasm.cpp:82:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lst.open(QFile::ReadOnly);
data/sasm-3.11.1/fasm.cpp:106:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lst.open(QFile::ReadOnly);
data/sasm-3.11.1/fasm.cpp:125:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  programFile.open(QFile::ReadOnly);
data/sasm-3.11.1/mainwindow.cpp:945:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logFile.open(QIODevice::ReadOnly);
data/sasm-3.11.1/mainwindow.cpp:971:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logFile.open(QIODevice::ReadOnly);
data/sasm-3.11.1/mainwindow.cpp:985:21: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  logFile.open(QIODevice::ReadOnly);
data/sasm-3.11.1/mainwindow.cpp:2210:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  helpFile.open(QFile::ReadOnly);
data/sasm-3.11.1/masm.cpp:218:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  programFile.open(QFile::ReadOnly);
data/sasm-3.11.1/nasm.cpp:136:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  programFile.open(QFile::ReadOnly);
data/sasm-3.11.1/singleapplication/qtlocalpeer.cpp:108:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  lockFile.open(QIODevice::ReadWrite);
data/sasm-3.11.1/singleapplication/qtlockedfile.cpp:123:20: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool QtLockedFile::open(OpenMode mode)
data/sasm-3.11.1/singleapplication/qtlockedfile.cpp:129:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return QFile::open(mode);
data/sasm-3.11.1/singleapplication/qtlockedfile.h:76:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool open(OpenMode mode);
data/sasm-3.11.1/tab.cpp:144:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(QIODevice::WriteOnly | QIODevice::Text);
data/sasm-3.11.1/tab.cpp:165:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file.open(QIODevice::ReadOnly);
data/sasm-3.11.1/tab.cpp:182:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile.open(QIODevice::WriteOnly | QIODevice::Text);
data/sasm-3.11.1/tab.cpp:196:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outputFile.open(QIODevice::ReadOnly);
data/sasm-3.11.1/singleapplication/qtlocalpeer.cpp:167:28: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  res &= (socket.read(qstrlen(ack)) == ack);

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 11165 in approximately 0.36 seconds (31274 lines/second)
Physical Source Lines of Code (SLOC) = 7206
Hits@level = [0] 8 [1] 1 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 30 [1+] 22 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.1632 [1+] 3.05301 [2+] 2.91424 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.