Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/svn-all-fast-export-1.0.16+git20190806/src/CommandLineParser.cpp
Examining data/svn-all-fast-export-1.0.16+git20190806/src/CommandLineParser.h
Examining data/svn-all-fast-export-1.0.16+git20190806/src/main.cpp
Examining data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp
Examining data/svn-all-fast-export-1.0.16+git20190806/src/repository.h
Examining data/svn-all-fast-export-1.0.16+git20190806/src/ruleparser.cpp
Examining data/svn-all-fast-export-1.0.16+git20190806/src/ruleparser.h
Examining data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp
Examining data/svn-all-fast-export-1.0.16+git20190806/src/svn.h

FINAL RESULTS:

data/svn-all-fast-export-1.0.16+git20190806/src/main.cpp:39:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly)) {

data/svn-all-fast-export-1.0.16+git20190806/src/main.cpp:85:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if( !file.open(QIODevice::ReadOnly)) {

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:348:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (fDesc.open(QIODevice::WriteOnly | QIODevice::Truncate | QIODevice::Text)) {

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:356:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  marks.open(QIODevice::WriteOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:376:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!marksfile.open(QIODevice::ReadOnly))

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:428:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  logfile.open(QIODevice::ReadWrite);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:507:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  annotatedTagsFile.open(QIODevice::ReadOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:518:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  branchNotesFile.open(QIODevice::ReadOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:785:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  annotatedTagsFile.open(QIODevice::WriteOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.cpp:851:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  branchNotesFile.open(QIODevice::WriteOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/repository.h:41:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  log.open(QIODevice::WriteOnly);

data/svn-all-fast-export-1.0.16+git20190806/src/ruleparser.cpp:155:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly))

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:419:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  int open()

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:461:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or
  change its contents? (CWE-362).
  if (rev.open() == EXIT_FAILURE)

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:274:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it
  may perform an over-read (it could cause a crash if unprotected)
  (CWE-126).
  apr_size_t len = strlen("link ");

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:279:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it
  may perform an over-read (it could cause a crash if unprotected)
  (CWE-126).
  if (len == strlen("link ") && strncmp(buf, "link ", len) == 0) {

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:386:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it
  may perform an over-read (it could cause a crash if unprotected)
  (CWE-126).
  QByteArray date(svn_date, strlen(svn_date) - 8);

data/svn-all-fast-export-1.0.16+git20190806/src/svn.cpp:1037:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it
  may perform an over-read (it could cause a crash if unprotected)
  (CWE-126).
  QIODevice *io = txn->addFile(gitIgnorePath, 33188, strlen(content));

ANALYSIS SUMMARY:

Hits = 18
Lines analyzed = 3871 in approximately 0.13 seconds (30386 lines/second)
Physical Source Lines of Code (SLOC) = 2978
Hits@level = [0]  28 [1]   4 [2]  14 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  46 [1+]  18 [2+]  14 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 15.4466 [1+] 6.04433 [2+] 4.70114 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.