Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sonnet-5.74.0/autotests/test_highlighter.cpp
Examining data/sonnet-5.74.0/autotests/test_core.cpp
Examining data/sonnet-5.74.0/autotests/test_suggest.cpp
Examining data/sonnet-5.74.0/autotests/test_core.h
Examining data/sonnet-5.74.0/autotests/test_autodetect.cpp
Examining data/sonnet-5.74.0/autotests/test_settings.cpp
Examining data/sonnet-5.74.0/autotests/test_settings.h
Examining data/sonnet-5.74.0/autotests/test_filter.h
Examining data/sonnet-5.74.0/autotests/test_filter.cpp
Examining data/sonnet-5.74.0/tests/backgroundtest.h
Examining data/sonnet-5.74.0/tests/backgroundtest.cpp
Examining data/sonnet-5.74.0/examples/configdialog.cpp
Examining data/sonnet-5.74.0/examples/highlighterexample.h
Examining data/sonnet-5.74.0/examples/highlighterexample.cpp
Examining data/sonnet-5.74.0/examples/dictionarycombobox.cpp
Examining data/sonnet-5.74.0/examples/plaintextedit.cpp
Examining data/sonnet-5.74.0/examples/dialogexample.h
Examining data/sonnet-5.74.0/examples/textedit.cpp
Examining data/sonnet-5.74.0/examples/dialogexample.cpp
Examining data/sonnet-5.74.0/src/ui/configdialog.h
Examining data/sonnet-5.74.0/src/ui/configdialog.cpp
Examining data/sonnet-5.74.0/src/ui/dialog.cpp
Examining data/sonnet-5.74.0/src/ui/spellcheckdecorator.h
Examining data/sonnet-5.74.0/src/ui/dialog.h
Examining data/sonnet-5.74.0/src/ui/configview.cpp
Examining data/sonnet-5.74.0/src/ui/configwidget.h
Examining data/sonnet-5.74.0/src/ui/spellcheckdecorator.cpp
Examining data/sonnet-5.74.0/src/ui/highlighter.cpp
Examining data/sonnet-5.74.0/src/ui/configview.h
Examining data/sonnet-5.74.0/src/ui/dictionarycombobox.cpp
Examining data/sonnet-5.74.0/src/ui/dictionarycombobox.h
Examining data/sonnet-5.74.0/src/ui/configwidget.cpp
Examining data/sonnet-5.74.0/src/ui/highlighter.h
Examining data/sonnet-5.74.0/src/core/settingsimpl_p.h
Examining data/sonnet-5.74.0/src/core/backgroundchecker.h
Examining data/sonnet-5.74.0/src/core/guesslanguage.h
Examining data/sonnet-5.74.0/src/core/spellerplugin.cpp
Examining data/sonnet-5.74.0/src/core/spellerplugin_p.h
Examining data/sonnet-5.74.0/src/core/textbreaks.cpp
Examining data/sonnet-5.74.0/src/core/loader_p.h
Examining data/sonnet-5.74.0/src/core/tokenizer.cpp
Examining data/sonnet-5.74.0/src/core/loader.cpp
Examining data/sonnet-5.74.0/src/core/textbreaks_p.h
Examining data/sonnet-5.74.0/src/core/settings.h
Examining data/sonnet-5.74.0/src/core/speller.h
Examining data/sonnet-5.74.0/src/core/client.cpp
Examining data/sonnet-5.74.0/src/core/backgroundchecker.cpp
Examining data/sonnet-5.74.0/src/core/guesslanguage.cpp
Examining data/sonnet-5.74.0/src/core/client_p.h
Examining data/sonnet-5.74.0/src/core/settings.cpp
Examining data/sonnet-5.74.0/src/core/settingsimpl.cpp
Examining data/sonnet-5.74.0/src/core/languagefilter_p.h
Examining data/sonnet-5.74.0/src/core/tokenizer_p.h
Examining data/sonnet-5.74.0/src/core/speller.cpp
Examining data/sonnet-5.74.0/src/core/languagefilter.cpp
Examining data/sonnet-5.74.0/src/core/backgroundchecker_p.h
Examining data/sonnet-5.74.0/src/plugins/enchant/enchantclient.h
Examining data/sonnet-5.74.0/src/plugins/enchant/enchantdict.h
Examining data/sonnet-5.74.0/src/plugins/enchant/enchantdict.cpp
Examining data/sonnet-5.74.0/src/plugins/enchant/enchantclient.cpp
Examining data/sonnet-5.74.0/src/plugins/aspell/aspellclient.h
Examining data/sonnet-5.74.0/src/plugins/aspell/aspellclient.cpp
Examining data/sonnet-5.74.0/src/plugins/aspell/aspelldict.h
Examining data/sonnet-5.74.0/src/plugins/aspell/aspelldict.cpp
Examining data/sonnet-5.74.0/src/plugins/voikko/voikkodict.h
Examining data/sonnet-5.74.0/src/plugins/voikko/voikkoclient.h
Examining data/sonnet-5.74.0/src/plugins/voikko/voikkodict.cpp
Examining data/sonnet-5.74.0/src/plugins/voikko/voikkoclient.cpp
Examining data/sonnet-5.74.0/src/plugins/nsspellchecker/nsspellcheckerdict.h
Examining data/sonnet-5.74.0/src/plugins/nsspellchecker/nsspellcheckerclient.h
Examining data/sonnet-5.74.0/src/plugins/ispellchecker/ispellcheckerclient.cpp
Examining data/sonnet-5.74.0/src/plugins/ispellchecker/ispellcheckerclient.h
Examining data/sonnet-5.74.0/src/plugins/ispellchecker/ispellcheckerdict.cpp
Examining data/sonnet-5.74.0/src/plugins/ispellchecker/ispellcheckerdict.h
Examining data/sonnet-5.74.0/src/plugins/hunspell/hunspellclient.h
Examining data/sonnet-5.74.0/src/plugins/hunspell/hunspelldict.cpp
Examining data/sonnet-5.74.0/src/plugins/hunspell/hunspelldict.h
Examining data/sonnet-5.74.0/src/plugins/hunspell/hunspellclient.cpp
Examining data/sonnet-5.74.0/src/plugins/hspell/hspellclient.cpp
Examining data/sonnet-5.74.0/src/plugins/hspell/hspelldict.cpp
Examining data/sonnet-5.74.0/src/plugins/hspell/hspellclient.h
Examining data/sonnet-5.74.0/src/plugins/hspell/hspelldict.h
Examining data/sonnet-5.74.0/data/gentrigrams.cpp
Examining data/sonnet-5.74.0/data/parsetrigrams.cpp
FINAL RESULTS:
data/sonnet-5.74.0/autotests/test_settings.cpp:72:52: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().name()).toString();
data/sonnet-5.74.0/autotests/test_settings.cpp:80:52: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().name()).toString();
data/sonnet-5.74.0/autotests/test_settings.cpp:90:35: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
QLocale::system().name()).toString();
data/sonnet-5.74.0/src/core/settings.cpp:187:21: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
return QLocale::system().name();
data/sonnet-5.74.0/data/gentrigrams.cpp:25:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly | QFile::Text)) {
data/sonnet-5.74.0/data/gentrigrams.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!outFile.open(QIODevice::WriteOnly)) {
data/sonnet-5.74.0/data/parsetrigrams.cpp:26:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sout.open(stdout, QIODevice::WriteOnly);
data/sonnet-5.74.0/data/parsetrigrams.cpp:37:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin.open(QFile::ReadOnly | QFile::Text);
data/sonnet-5.74.0/src/core/guesslanguage.cpp:639:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!sin.open(QIODevice::ReadOnly)) {
data/sonnet-5.74.0/src/plugins/hunspell/hunspelldict.cpp:52:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (userDicFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/sonnet-5.74.0/src/plugins/hunspell/hunspelldict.cpp:147:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (userDicFile.open(QIODevice::Append | QIODevice::Text)) {
data/sonnet-5.74.0/src/plugins/voikko/voikkodict.cpp:101:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!userDictFile.open(QIODevice::ReadOnly)) {
data/sonnet-5.74.0/src/plugins/voikko/voikkodict.cpp:158:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!userDictFile.open(QIODevice::ReadWrite)) {
data/sonnet-5.74.0/data/gentrigrams.cpp:40:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QString trigram = stream.read(3);
data/sonnet-5.74.0/tests/backgroundtest.cpp:131:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m_len = strlen(text);
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 9880 in approximately 0.35 seconds (28490 lines/second)
Physical Source Lines of Code (SLOC) = 6732
Hits@level = [0] 0 [1] 2 [2] 9 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 15 [1+] 15 [2+] 13 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 2.22816 [1+] 2.22816 [2+] 1.93108 [3+] 0.594177 [4+] 0.594177 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.