Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tipp10-2.1.0/def/errordefines.h
Examining data/tipp10-2.1.0/def/defines.h
Examining data/tipp10-2.1.0/games/abcrainwidget.h
Examining data/tipp10-2.1.0/games/charball.cpp
Examining data/tipp10-2.1.0/games/charball.h
Examining data/tipp10-2.1.0/games/abcrainwidget.cpp
Examining data/tipp10-2.1.0/sql/chartablesql.h
Examining data/tipp10-2.1.0/sql/keyboardsql.cpp
Examining data/tipp10-2.1.0/sql/keyboardsql.h
Examining data/tipp10-2.1.0/sql/lessontablesql.h
Examining data/tipp10-2.1.0/sql/startsql.h
Examining data/tipp10-2.1.0/sql/trainingsql.cpp
Examining data/tipp10-2.1.0/sql/trainingsql.h
Examining data/tipp10-2.1.0/sql/startsql.cpp
Examining data/tipp10-2.1.0/sql/connection.h
Examining data/tipp10-2.1.0/sql/chartablesql.cpp
Examining data/tipp10-2.1.0/sql/lessontablesql.cpp
Examining data/tipp10-2.1.0/widget/checkversion.cpp
Examining data/tipp10-2.1.0/widget/checkversion.h
Examining data/tipp10-2.1.0/widget/companylogo.cpp
Examining data/tipp10-2.1.0/widget/companylogo.h
Examining data/tipp10-2.1.0/widget/downloaddialog.cpp
Examining data/tipp10-2.1.0/widget/downloaddialog.h
Examining data/tipp10-2.1.0/widget/errormessage.cpp
Examining data/tipp10-2.1.0/widget/errormessage.h
Examining data/tipp10-2.1.0/widget/evaluationwidget.cpp
Examining data/tipp10-2.1.0/widget/evaluationwidget.h
Examining data/tipp10-2.1.0/widget/fingerwidget.cpp
Examining data/tipp10-2.1.0/widget/fingerwidget.h
Examining data/tipp10-2.1.0/widget/helpbrowser.h
Examining data/tipp10-2.1.0/widget/illustrationdialog.cpp
Examining data/tipp10-2.1.0/widget/illustrationdialog.h
Examining data/tipp10-2.1.0/widget/illustrationimage.cpp
Examining data/tipp10-2.1.0/widget/illustrationimage.h
Examining data/tipp10-2.1.0/widget/keyboard.cpp
Examining data/tipp10-2.1.0/widget/keyboard.h
Examining data/tipp10-2.1.0/widget/lessondialog.h
Examining data/tipp10-2.1.0/widget/lessonprintdialog.cpp
Examining data/tipp10-2.1.0/widget/lessonprintdialog.h
Examining data/tipp10-2.1.0/widget/lessonresult.cpp
Examining data/tipp10-2.1.0/widget/lessonresult.h
Examining data/tipp10-2.1.0/widget/numpad.cpp
Examining data/tipp10-2.1.0/widget/numpad.h
Examining data/tipp10-2.1.0/widget/progressionwidget.cpp
Examining data/tipp10-2.1.0/widget/progressionwidget.h
Examining data/tipp10-2.1.0/widget/regexpdialog.cpp
Examining data/tipp10-2.1.0/widget/regexpdialog.h
Examining data/tipp10-2.1.0/widget/settingsdialog.cpp
Examining data/tipp10-2.1.0/widget/settingsdialog.h
Examining data/tipp10-2.1.0/widget/settingsdialogx.cpp
Examining data/tipp10-2.1.0/widget/settingsdialogx.h
Examining data/tipp10-2.1.0/widget/settingspages.h
Examining data/tipp10-2.1.0/widget/startwidget.h
Examining data/tipp10-2.1.0/widget/statusbar.cpp
Examining data/tipp10-2.1.0/widget/statusbar.h
Examining data/tipp10-2.1.0/widget/tickerboard.h
Examining data/tipp10-2.1.0/widget/trainingwidget.cpp
Examining data/tipp10-2.1.0/widget/trainingwidget.h
Examining data/tipp10-2.1.0/widget/txtmessagedialog.cpp
Examining data/tipp10-2.1.0/widget/txtmessagedialog.h
Examining data/tipp10-2.1.0/widget/updatedialog.cpp
Examining data/tipp10-2.1.0/widget/updatedialog.h
Examining data/tipp10-2.1.0/widget/tickerboard.cpp
Examining data/tipp10-2.1.0/widget/lessondialog.cpp
Examining data/tipp10-2.1.0/widget/helpbrowser.cpp
Examining data/tipp10-2.1.0/widget/mainwindow.h
Examining data/tipp10-2.1.0/widget/mainwindow.cpp
Examining data/tipp10-2.1.0/widget/settingspages.cpp
Examining data/tipp10-2.1.0/widget/startwidget.cpp
Examining data/tipp10-2.1.0/main.cpp

FINAL RESULTS:

data/tipp10-2.1.0/main.cpp:63:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  QLocale::system().name()).toString();
data/tipp10-2.1.0/sql/chartablesql.cpp:71:34: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  errorRatioString.sprintf("%.0f", errorRatio);
data/tipp10-2.1.0/sql/lessontablesql.cpp:111:30: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonRateString.sprintf("%.0f", lessonRate);
data/tipp10-2.1.0/sql/lessontablesql.cpp:118:29: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonCpmString.sprintf("%.0f", lessonCpm);
data/tipp10-2.1.0/sql/lessontablesql.cpp:126:31: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonGradeString.sprintf("%.0f", lessonGrade);
data/tipp10-2.1.0/widget/fingerwidget.cpp:129:24: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  rateTempString.sprintf("%.0f", rateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:231:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonRate.sprintf("%.0f", lessonRateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:234:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonCpm.sprintf("%.0f", lessonCpmTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:239:21: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonGrade.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:240:27: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonGradeSimple.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:587:20: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonRate.sprintf("%.0f", lessonRateTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:590:19: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonCpm.sprintf("%.0f", lessonCpmTemp);
data/tipp10-2.1.0/widget/lessonresult.cpp:595:21: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  lessonGrade.sprintf("%.0f", lessonGradeTemp);
data/tipp10-2.1.0/widget/progressionwidget.cpp:159:25: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  gradeTempString.sprintf("%.0f", gradeTemp);
data/tipp10-2.1.0/widget/progressionwidget.cpp:163:23: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  cpmTempString.sprintf("%.0f", cpmTemp);
data/tipp10-2.1.0/sql/connection.h:121:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!db.open()) {
data/tipp10-2.1.0/sql/connection.h:281:13: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!db.open()) {
data/tipp10-2.1.0/sql/connection.h:348:18: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!sqlFile.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/checkversion.cpp:51:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tempVersionFile->open()) {
data/tipp10-2.1.0/widget/downloaddialog.cpp:196:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tempTxtFile->open()) {
data/tipp10-2.1.0/widget/startwidget.cpp:915:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QIODevice::ReadOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/startwidget.cpp:1035:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QIODevice::Text)) {
data/tipp10-2.1.0/widget/updatedialog.cpp:153:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tempVersionFile->open()) {
data/tipp10-2.1.0/widget/updatedialog.cpp:189:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!tempSqlFile->open()) {

ANALYSIS SUMMARY:

Hits = 24
Lines analyzed = 17881 in approximately 0.44 seconds (40852 lines/second)
Physical Source Lines of Code (SLOC) = 10953
Hits@level = [0] 0 [1] 0 [2] 9 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 24 [1+] 24 [2+] 24 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 2.19118 [1+] 2.19118 [2+] 2.19118 [3+] 1.36949 [4+] 1.36949 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.