stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ulcc-1.0.2/FormHelp.cpp
Examining data/ulcc-1.0.2/ManagerDictionaries.cpp
Examining data/ulcc-1.0.2/FormAbout.cpp
Examining data/ulcc-1.0.2/FormHelp.h
Examining data/ulcc-1.0.2/FormAbout.h
Examining data/ulcc-1.0.2/FormSelectLanguage.cpp
Examining data/ulcc-1.0.2/mainwindow.cpp
Examining data/ulcc-1.0.2/ManagerLanguage.cpp
Examining data/ulcc-1.0.2/ManagerDictionaries.h
Examining data/ulcc-1.0.2/mainwindow.h
Examining data/ulcc-1.0.2/FormSelectDictionary.cpp
Examining data/ulcc-1.0.2/config_ulcc.h
Examining data/ulcc-1.0.2/FormSelectLanguage.h
Examining data/ulcc-1.0.2/ManagerLanguage.h
Examining data/ulcc-1.0.2/main.cpp
Examining data/ulcc-1.0.2/FormSelectDictionary.h

FINAL RESULTS:

data/ulcc-1.0.2/FormSelectDictionary.cpp:43:54:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        if (dictionary.description.contains(QLocale::system().name())) dictionaryDescription = dictionary.description[QLocale::system().name()];
data/ulcc-1.0.2/FormSelectDictionary.cpp:43:128:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        if (dictionary.description.contains(QLocale::system().name())) dictionaryDescription = dictionary.description[QLocale::system().name()];
data/ulcc-1.0.2/FormSelectLanguage.cpp:44:62:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            if (confSettings->value("ulcc/language",QLocale::system().bcp47Name()).toString()==lang_code){
data/ulcc-1.0.2/mainwindow.cpp:108:27:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        locale = QLocale::system().name();
data/ulcc-1.0.2/mainwindow.cpp:186:27:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        locale = QLocale::system().name();
data/ulcc-1.0.2/mainwindow.cpp:381:67:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    QString locale = confSettings->value("ulcc/language",QLocale::system().bcp47Name()).toString();
data/ulcc-1.0.2/ManagerDictionaries.cpp:21:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){
data/ulcc-1.0.2/ManagerDictionaries.cpp:100:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (file.open(QIODevice::ReadOnly | QIODevice::Text)){
data/ulcc-1.0.2/ManagerLanguage.cpp:15:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!file.open(QIODevice::ReadOnly | QIODevice::Text)){

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 1135 in approximately 0.09 seconds (12787 lines/second)
Physical Source Lines of Code (SLOC) = 850
Hits@level = [0]   0 [1]   0 [2]   3 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]   9 [1+]   9 [2+]   9 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 10.5882 [1+] 10.5882 [2+] 10.5882 [3+] 7.05882 [4+] 7.05882 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.