Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapconfigwidget.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapconfigwidget.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapconnection.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapconnection.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapcontrol.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapcontrol.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapdefs.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapdn.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapdn.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapobject.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapobject.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapsearch.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapsearch.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapserver.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapserver.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapurl.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapurl.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldif.cpp
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldif.h
Examining data/veyon-4.4.2+repack1/3rdparty/kldap/src/w32-ldap-help.h
Examining data/veyon-4.4.2+repack1/cli/src/main.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlPage.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlPage.h
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRuleEditDialog.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRuleEditDialog.h
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRuleListModel.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRuleListModel.h
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRulesTestDialog.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/AccessControlRulesTestDialog.h
Examining data/veyon-4.4.2+repack1/configurator/src/GeneralConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/GeneralConfigurationPage.h
Examining data/veyon-4.4.2+repack1/configurator/src/main.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/MainWindow.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/MainWindow.h
Examining data/veyon-4.4.2+repack1/configurator/src/MasterConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/MasterConfigurationPage.h
Examining data/veyon-4.4.2+repack1/configurator/src/ServiceConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/configurator/src/ServiceConfigurationPage.h
Examining data/veyon-4.4.2+repack1/core/include/AboutDialog.h
Examining data/veyon-4.4.2+repack1/core/include/AccessControlProvider.h
Examining data/veyon-4.4.2+repack1/core/include/AccessControlRule.h
Examining data/veyon-4.4.2+repack1/core/include/AuthenticationCredentials.h
Examining data/veyon-4.4.2+repack1/core/include/AuthenticationProxy.h
Examining data/veyon-4.4.2+repack1/core/include/BuiltinFeatures.h
Examining data/veyon-4.4.2+repack1/core/include/CommandLineIO.h
Examining data/veyon-4.4.2+repack1/core/include/CommandLinePluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/ComputerControlInterface.h
Examining data/veyon-4.4.2+repack1/core/include/Computer.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/JsonStore.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/LocalStore.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/Object.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/Password.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/Property.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/Proxy.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/Store.h
Examining data/veyon-4.4.2+repack1/core/include/Configuration/UiMapping.h
Examining data/veyon-4.4.2+repack1/core/include/ConfigurationManager.h
Examining data/veyon-4.4.2+repack1/core/include/ConfigurationPage.h
Examining data/veyon-4.4.2+repack1/core/include/ConfigurationPagePluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/Cotire.h
Examining data/veyon-4.4.2+repack1/core/include/CryptoCore.h
Examining data/veyon-4.4.2+repack1/core/include/DesktopAccessDialog.h
Examining data/veyon-4.4.2+repack1/core/include/EnumHelper.h
Examining data/veyon-4.4.2+repack1/core/include/FeatureControl.h
Examining data/veyon-4.4.2+repack1/core/include/Feature.h
Examining data/veyon-4.4.2+repack1/core/include/FeatureManager.h
Examining data/veyon-4.4.2+repack1/core/include/FeatureMessage.h
Examining data/veyon-4.4.2+repack1/core/include/FeatureProviderInterface.h
Examining data/veyon-4.4.2+repack1/core/include/FeatureWorkerManager.h
Examining data/veyon-4.4.2+repack1/core/include/FileSystemBrowser.h
Examining data/veyon-4.4.2+repack1/core/include/Filesystem.h
Examining data/veyon-4.4.2+repack1/core/include/HashList.h
Examining data/veyon-4.4.2+repack1/core/include/HostAddress.h
Examining data/veyon-4.4.2+repack1/core/include/KeyboardShortcutTrapper.h
Examining data/veyon-4.4.2+repack1/core/include/LockWidget.h
Examining data/veyon-4.4.2+repack1/core/include/Logger.h
Examining data/veyon-4.4.2+repack1/core/include/MessageContext.h
Examining data/veyon-4.4.2+repack1/core/include/MonitoringMode.h
Examining data/veyon-4.4.2+repack1/core/include/NetworkObjectDirectory.h
Examining data/veyon-4.4.2+repack1/core/include/NetworkObjectDirectoryManager.h
Examining data/veyon-4.4.2+repack1/core/include/NetworkObjectDirectoryPluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/NetworkObject.h
Examining data/veyon-4.4.2+repack1/core/include/NetworkObjectModel.h
Examining data/veyon-4.4.2+repack1/core/include/ObjectManager.h
Examining data/veyon-4.4.2+repack1/core/include/PasswordDialog.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformCoreFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformFilesystemFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformInputDeviceFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformNetworkFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformPluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformPluginManager.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformServiceCore.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformServiceFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformSessionFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/PlatformUserFunctions.h
Examining data/veyon-4.4.2+repack1/core/include/Plugin.h
Examining data/veyon-4.4.2+repack1/core/include/PluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/PluginManager.h
Examining data/veyon-4.4.2+repack1/core/include/ProcessHelper.h
Examining data/veyon-4.4.2+repack1/core/include/ProgressWidget.h
Examining data/veyon-4.4.2+repack1/core/include/QtCompat.h
Examining data/veyon-4.4.2+repack1/core/include/RfbVeyonAuth.h
Examining data/veyon-4.4.2+repack1/core/include/Screenshot.h
Examining data/veyon-4.4.2+repack1/core/include/ServiceControl.h
Examining data/veyon-4.4.2+repack1/core/include/SimpleFeatureProvider.h
Examining data/veyon-4.4.2+repack1/core/include/SocketDevice.h
Examining data/veyon-4.4.2+repack1/core/include/SystemTrayIcon.h
Examining data/veyon-4.4.2+repack1/core/include/ToolButton.h
Examining data/veyon-4.4.2+repack1/core/include/TranslationLoader.h
Examining data/veyon-4.4.2+repack1/core/include/UserGroupsBackendInterface.h
Examining data/veyon-4.4.2+repack1/core/include/UserGroupsBackendManager.h
Examining data/veyon-4.4.2+repack1/core/include/VariantArrayMessage.h
Examining data/veyon-4.4.2+repack1/core/include/VariantStream.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonConfiguration.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonConfigurationProperties.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonConnection.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonCore.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonMasterInterface.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonServerInterface.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonServiceControl.h
Examining data/veyon-4.4.2+repack1/core/include/VeyonWorkerInterface.h
Examining data/veyon-4.4.2+repack1/core/include/VncClientProtocol.h
Examining data/veyon-4.4.2+repack1/core/include/VncConnection.h
Examining data/veyon-4.4.2+repack1/core/include/VncEvents.h
Examining data/veyon-4.4.2+repack1/core/include/VncFeatureMessageEvent.h
Examining data/veyon-4.4.2+repack1/core/include/VncServerClient.h
Examining data/veyon-4.4.2+repack1/core/include/VncServerPluginInterface.h
Examining data/veyon-4.4.2+repack1/core/include/VncServerProtocol.h
Examining data/veyon-4.4.2+repack1/core/include/VncView.h
Examining data/veyon-4.4.2+repack1/core/src/AboutDialog.cpp
Examining data/veyon-4.4.2+repack1/core/src/AccessControlProvider.cpp
Examining data/veyon-4.4.2+repack1/core/src/AccessControlRule.cpp
Examining data/veyon-4.4.2+repack1/core/src/AuthenticationCredentials.cpp
Examining data/veyon-4.4.2+repack1/core/src/BuiltinFeatures.cpp
Examining data/veyon-4.4.2+repack1/core/src/CommandLineIO.cpp
Examining data/veyon-4.4.2+repack1/core/src/ComputerControlInterface.cpp
Examining data/veyon-4.4.2+repack1/core/src/Computer.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/JsonStore.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/LocalStore.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/Object.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/Password.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/Proxy.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/UiMapping.cpp
Examining data/veyon-4.4.2+repack1/core/src/Configuration/Property.cpp
Examining data/veyon-4.4.2+repack1/core/src/ConfigurationManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/ConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/core/src/CryptoCore.cpp
Examining data/veyon-4.4.2+repack1/core/src/d3des.c
Examining data/veyon-4.4.2+repack1/core/src/d3des.h
Examining data/veyon-4.4.2+repack1/core/src/DesktopAccessDialog.cpp
Examining data/veyon-4.4.2+repack1/core/src/FeatureControl.cpp
Examining data/veyon-4.4.2+repack1/core/src/FeatureManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/FeatureMessage.cpp
Examining data/veyon-4.4.2+repack1/core/src/FeatureWorkerManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/FileSystemBrowser.cpp
Examining data/veyon-4.4.2+repack1/core/src/Filesystem.cpp
Examining data/veyon-4.4.2+repack1/core/src/HostAddress.cpp
Examining data/veyon-4.4.2+repack1/core/src/LockWidget.cpp
Examining data/veyon-4.4.2+repack1/core/src/Logger.cpp
Examining data/veyon-4.4.2+repack1/core/src/MonitoringMode.cpp
Examining data/veyon-4.4.2+repack1/core/src/NetworkObject.cpp
Examining data/veyon-4.4.2+repack1/core/src/NetworkObjectDirectory.cpp
Examining data/veyon-4.4.2+repack1/core/src/NetworkObjectDirectoryManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/PasswordDialog.cpp
Examining data/veyon-4.4.2+repack1/core/src/PlatformPluginManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/PlatformServiceCore.cpp
Examining data/veyon-4.4.2+repack1/core/src/PluginManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/ProcessHelper.cpp
Examining data/veyon-4.4.2+repack1/core/src/ProgressWidget.cpp
Examining data/veyon-4.4.2+repack1/core/src/QtCompat.cpp
Examining data/veyon-4.4.2+repack1/core/src/Screenshot.cpp
Examining data/veyon-4.4.2+repack1/core/src/ServiceControl.cpp
Examining data/veyon-4.4.2+repack1/core/src/SimpleFeatureProvider.cpp
Examining data/veyon-4.4.2+repack1/core/src/SystemTrayIcon.cpp
Examining data/veyon-4.4.2+repack1/core/src/ToolButton.cpp
Examining data/veyon-4.4.2+repack1/core/src/TranslationLoader.cpp
Examining data/veyon-4.4.2+repack1/core/src/UserGroupsBackendManager.cpp
Examining data/veyon-4.4.2+repack1/core/src/VariantArrayMessage.cpp
Examining data/veyon-4.4.2+repack1/core/src/VariantStream.cpp
Examining data/veyon-4.4.2+repack1/core/src/VeyonConfiguration.cpp
Examining data/veyon-4.4.2+repack1/core/src/VeyonConnection.cpp
Examining data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp
Examining data/veyon-4.4.2+repack1/core/src/VeyonServiceControl.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncConnection.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncEvents.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncFeatureMessageEvent.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp
Examining data/veyon-4.4.2+repack1/core/src/VncView.cpp
Examining data/veyon-4.4.2+repack1/master/src/CheckableItemProxyModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/CheckableItemProxyModel.h
Examining data/veyon-4.4.2+repack1/master/src/ComputerControlListModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/ComputerControlListModel.h
Examining data/veyon-4.4.2+repack1/master/src/ComputerManager.cpp
Examining data/veyon-4.4.2+repack1/master/src/ComputerManager.h
Examining data/veyon-4.4.2+repack1/master/src/ComputerMonitoringWidget.cpp
Examining data/veyon-4.4.2+repack1/master/src/ComputerMonitoringWidget.h
Examining data/veyon-4.4.2+repack1/master/src/ComputerSelectPanel.cpp
Examining data/veyon-4.4.2+repack1/master/src/ComputerSelectPanel.h
Examining data/veyon-4.4.2+repack1/master/src/ComputerSortFilterProxyModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/ComputerSortFilterProxyModel.h
Examining data/veyon-4.4.2+repack1/master/src/DocumentationFigureCreator.cpp
Examining data/veyon-4.4.2+repack1/master/src/DocumentationFigureCreator.h
Examining data/veyon-4.4.2+repack1/master/src/FlexibleListView.cpp
Examining data/veyon-4.4.2+repack1/master/src/FlexibleListView.h
Examining data/veyon-4.4.2+repack1/master/src/kitemmodels_debug.h
Examining data/veyon-4.4.2+repack1/master/src/kitemmodels_export.h
Examining data/veyon-4.4.2+repack1/master/src/KItemModelsIntegration.cpp
Examining data/veyon-4.4.2+repack1/master/src/LocationDialog.cpp
Examining data/veyon-4.4.2+repack1/master/src/LocationDialog.h
Examining data/veyon-4.4.2+repack1/master/src/main.cpp
Examining data/veyon-4.4.2+repack1/master/src/MainToolBar.cpp
Examining data/veyon-4.4.2+repack1/master/src/MainToolBar.h
Examining data/veyon-4.4.2+repack1/master/src/MainWindow.cpp
Examining data/veyon-4.4.2+repack1/master/src/MainWindow.h
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectFilterProxyModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectFilterProxyModel.h
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectOverlayDataModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectTreeModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectTreeModel.h
Examining data/veyon-4.4.2+repack1/master/src/RecursiveFilterProxyModel.cpp
Examining data/veyon-4.4.2+repack1/master/src/ScreenshotManagementPanel.cpp
Examining data/veyon-4.4.2+repack1/master/src/ScreenshotManagementPanel.h
Examining data/veyon-4.4.2+repack1/master/src/UserConfig.cpp
Examining data/veyon-4.4.2+repack1/master/src/UserConfig.h
Examining data/veyon-4.4.2+repack1/master/src/VeyonMaster.cpp
Examining data/veyon-4.4.2+repack1/master/src/VeyonMaster.h
Examining data/veyon-4.4.2+repack1/master/src/NetworkObjectOverlayDataModel.h
Examining data/veyon-4.4.2+repack1/master/src/RecursiveFilterProxyModel.h
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysManager.cpp
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysManager.h
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysTableModel.cpp
Examining data/veyon-4.4.2+repack1/plugins/authkeys/AuthKeysTableModel.h
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectory.cpp
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectory.h
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/config/ConfigCommandLinePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/config/ConfigCommandLinePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoClient.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoClient.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServerConnection.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServerConnection.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServer.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServer.h
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServerProtocol.cpp
Examining data/veyon-4.4.2+repack1/plugins/demo/DemoServerProtocol.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServiceObject.cpp
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServiceObject.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServicesConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServicesConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServicesConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServicesFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/DesktopServicesFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/OpenWebsiteDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/OpenWebsiteDialog.h
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/RunProgramDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/desktopservices/RunProgramDialog.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileReadThread.cpp
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileReadThread.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferController.cpp
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferController.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferDialog.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferListModel.cpp
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferListModel.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/filetransfer/FileTransferUserConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapBrowseDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapBrowseDialog.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapBrowseModel.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapBrowseModel.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapClient.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapClient.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapCommon.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapConfiguration.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapDirectory.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapDirectory.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapNetworkObjectDirectory.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/common/LdapNetworkObjectDirectory.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/kldap/kldap_export.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/kldap/KLdapIntegration.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/kldap/klocalizedstring.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/kldap/ldap_debug.h
Examining data/veyon-4.4.2+repack1/plugins/ldap/LdapPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/ldap/LdapPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/platform/common/LogonHelper.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/common/LogonHelper.h
Examining data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.h
Examining data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/auth-helper/VeyonAuthHelper.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxCoreFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxDesktopIntegration.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxFilesystemFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxFilesystemFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxInputDeviceFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxInputDeviceFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxKeyboardInput.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxKeyboardInput.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxKeyboardShortcutTrapper.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxNetworkFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxNetworkFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxPlatformConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxPlatformConfigurationPage.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxPlatformConfigurationPage.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxPlatformPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxPlatformPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxServiceCore.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxServiceCore.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxServiceFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxServiceFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxSessionFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxSessionFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxUserFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxUserFunctions.h
Examining data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxCoreFunctions.cpp
Examining data/veyon-4.4.2+repack1/plugins/powercontrol/PowerControlFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/powercontrol/PowerControlFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/powercontrol/PowerDownTimeInputDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/powercontrol/PowerDownTimeInputDialog.h
Examining data/veyon-4.4.2+repack1/plugins/remoteaccess/RemoteAccessFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/remoteaccess/RemoteAccessFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/remoteaccess/RemoteAccessWidget.cpp
Examining data/veyon-4.4.2+repack1/plugins/remoteaccess/RemoteAccessWidget.h
Examining data/veyon-4.4.2+repack1/plugins/screenlock/ScreenLockFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/screenlock/ScreenLockFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/screenshot/ScreenshotFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/screenshot/ScreenshotFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/servicecontrol/ServiceControlPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/servicecontrol/ServiceControlPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/shell/ShellCommandLinePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/shell/ShellCommandLinePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/systemusergroups/SystemUserGroupsPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/systemusergroups/SystemUserGroupsPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/testing/TestingCommandLinePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/testing/TestingCommandLinePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/textmessage/TextMessageDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/textmessage/TextMessageDialog.h
Examining data/veyon-4.4.2+repack1/plugins/textmessage/TextMessageFeaturePlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/textmessage/TextMessageFeaturePlugin.h
Examining data/veyon-4.4.2+repack1/plugins/usersessioncontrol/UserLoginDialog.cpp
Examining data/veyon-4.4.2+repack1/plugins/usersessioncontrol/UserLoginDialog.h
Examining data/veyon-4.4.2+repack1/plugins/usersessioncontrol/UserSessionControlPlugin.cpp
Examining data/veyon-4.4.2+repack1/plugins/usersessioncontrol/UserSessionControlPlugin.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/external/ExternalVncServerConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/external/ExternalVncServerConfigurationWidget.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/external/ExternalVncServerConfigurationWidget.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/external/ExternalVncServer.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/external/ExternalVncServer.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/BuiltinUltraVncServer.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/BuiltinUltraVncServer.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/LogoffEventFilter.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/LogoffEventFilter.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/UltraVncConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/UltraVncConfigurationWidget.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/UltraVncConfigurationWidget.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/ultravnc.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/vncntlm.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/BuiltinX11VncServer.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/BuiltinX11VncServer.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/X11VncConfiguration.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/X11VncConfigurationWidget.cpp
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/X11VncConfigurationWidget.h
Examining data/veyon-4.4.2+repack1/plugins/vncserver/x11vnc-builtin/x11vnc-veyon.c
Examining data/veyon-4.4.2+repack1/server/src/ComputerControlClient.cpp
Examining data/veyon-4.4.2+repack1/server/src/ComputerControlClient.h
Examining data/veyon-4.4.2+repack1/server/src/ComputerControlServer.cpp
Examining data/veyon-4.4.2+repack1/server/src/ComputerControlServer.h
Examining data/veyon-4.4.2+repack1/server/src/main.cpp
Examining data/veyon-4.4.2+repack1/server/src/ServerAccessControlManager.cpp
Examining data/veyon-4.4.2+repack1/server/src/ServerAccessControlManager.h
Examining data/veyon-4.4.2+repack1/server/src/ServerAuthenticationManager.cpp
Examining data/veyon-4.4.2+repack1/server/src/ServerAuthenticationManager.h
Examining data/veyon-4.4.2+repack1/server/src/VeyonServerProtocol.cpp
Examining data/veyon-4.4.2+repack1/server/src/VeyonServerProtocol.h
Examining data/veyon-4.4.2+repack1/server/src/VncProxyConnection.cpp
Examining data/veyon-4.4.2+repack1/server/src/VncProxyConnectionFactory.h
Examining data/veyon-4.4.2+repack1/server/src/VncProxyConnection.h
Examining data/veyon-4.4.2+repack1/server/src/VncProxyServer.cpp
Examining data/veyon-4.4.2+repack1/server/src/VncProxyServer.h
Examining data/veyon-4.4.2+repack1/server/src/VncServer.cpp
Examining data/veyon-4.4.2+repack1/server/src/VncServer.h
Examining data/veyon-4.4.2+repack1/service/src/main.cpp
Examining data/veyon-4.4.2+repack1/worker/src/FeatureWorkerManagerConnection.cpp
Examining data/veyon-4.4.2+repack1/worker/src/FeatureWorkerManagerConnection.h
Examining data/veyon-4.4.2+repack1/worker/src/main.cpp
Examining data/veyon-4.4.2+repack1/worker/src/VeyonWorker.cpp
Examining data/veyon-4.4.2+repack1/worker/src/VeyonWorker.h
FINAL RESULTS:
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:127:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int Ber::printf(QString format, ...)
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:232:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int Ber::scanf(QString format, ...)
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:441:10: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int Ber::printf(QString format, ...)
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:448:10: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int Ber::scanf(QString format, ...)
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.h:118:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf(QString format, ...); // Passing by-value since it's used by va_start
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.h:119:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
int scanf(QString format, ...);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapcontrol.cpp:126:13: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (ber.scanf(QStringLiteral("{iO}"), &size, &cookie) == -1) {
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapcontrol.cpp:138:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ber.printf(QStringLiteral("{iO}"), pagesize, &cookie);
data/veyon-4.4.2+repack1/core/src/VncConnection.cpp:139:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf( message, sizeof(message), format, args );
data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/BuiltinUltraVncServer.cpp:203:17: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
auto hUser32 = LoadLibrary( "user32.dll" );
data/veyon-4.4.2+repack1/plugins/vncserver/ultravnc-builtin/BuiltinUltraVncServer.cpp:204:17: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
auto hSHCore = LoadLibrary( "SHCore.dll" );
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmt[2];
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ber.cpp:314:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[255];
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:562:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value->data(), vallen);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:604:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctrl->ldctl_value.bv_val, value.data(), vallen);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:1030:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value.data(), vallen);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:1059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, value.data(), vallen);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:1087:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, data.data(), vallen);
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:1123:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(berval->bv_val, data.data(), vallen);
data/veyon-4.4.2+repack1/core/src/Configuration/JsonStore.cpp:82:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !jsonFile.open( QFile::ReadOnly ) )
data/veyon-4.4.2+repack1/core/src/Configuration/JsonStore.cpp:135:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !outfile.open( QIODevice::WriteOnly | QIODevice::Truncate ) )
data/veyon-4.4.2+repack1/core/src/Configuration/JsonStore.cpp:149:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile.open( QFile::WriteOnly | QFile::Append );
data/veyon-4.4.2+repack1/core/src/Configuration/JsonStore.cpp:162:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
outfile.open( QIODevice::WriteOnly | QIODevice::Truncate );
data/veyon-4.4.2+repack1/core/src/VncConnection.cpp:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[MaxMessageLength];
data/veyon-4.4.2+repack1/core/src/d3des.c:67:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pc1[56] = {
data/veyon-4.4.2+repack1/core/src/d3des.c:73:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char totrot[16] = {
data/veyon-4.4.2+repack1/core/src/d3des.c:76:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pc2[48] = {
data/veyon-4.4.2+repack1/core/src/d3des.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pc1m[56], pcr[56];
data/veyon-4.4.2+repack1/plugins/builtindirectory/BuiltinDirectoryPlugin.cpp:331:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
else if( inputFile.open( QFile::ReadOnly | QFile::Text ) == false )
data/veyon-4.4.2+repack1/plugins/filetransfer/FileReadThread.cpp:58:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( QFile( m_fileName ).open( QFile::ReadOnly ) == false )
data/veyon-4.4.2+repack1/plugins/filetransfer/FileReadThread.cpp:65:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
m_file->open( QFile::ReadOnly );
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:48:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( logonDataBuffer.open( QBuffer::ReadOnly ) == false )
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:66:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( logonDataBuffer.open( QBuffer::WriteOnly ) == false )
data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxFilesystemFunctions.cpp:160:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open( file->fileName().toUtf8().constData(), flags, fileMode );
data/veyon-4.4.2+repack1/plugins/platform/linux/LinuxFilesystemFunctions.cpp:184:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return file->open( fd, openMode, QFileDevice::AutoCloseHandle );
data/veyon-4.4.2+repack1/plugins/platform/linux/auth-helper/VeyonAuthHelper.cpp:74:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stdIn.open( 0, QFile::ReadOnly | QFile::Unbuffered );
data/veyon-4.4.2+repack1/3rdparty/kldap/src/ldapoperation.cpp:234:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
interact->len = strlen((const char *)interact->result);
data/veyon-4.4.2+repack1/core/src/VeyonConnection.cpp:176:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int authTypeCount = message.read().toInt();
data/veyon-4.4.2+repack1/core/src/VeyonConnection.cpp:183:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
authTypes.append( QVariantHelper<RfbVeyonAuth::Type>::value( message.read() ) );
data/veyon-4.4.2+repack1/core/src/VeyonConnection.cpp:244:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto challenge = challengeReceiveMessage.read().toByteArray();
data/veyon-4.4.2+repack1/core/src/VeyonConnection.cpp:274:86: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CryptoCore::PublicKey publicKey = CryptoCore::PublicKey::fromPEM( publicKeyMessage.read().toString() );
data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp:368:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (info.indexOf(operator_call) == pos - (int)strlen(operator_call))
data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp:391:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (info.indexOf(operator_call) == pos - (int)strlen(operator_call) + 1)
data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp:395:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (info.indexOf(operator_lessThan) == pos - (int)strlen(operator_lessThan) + 1)
data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp:399:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (info.indexOf(operator_greaterThan) == pos - (int)strlen(operator_greaterThan) + 1)
data/veyon-4.4.2+repack1/core/src/VeyonCore.cpp:403:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int operatorLength = (int)strlen(operator_lessThanEqual);
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:233:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto protocol = m_socket->read( sz_rfbProtocolVersionMsg );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:273:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_socket->read( reinterpret_cast<char *>( &securityTypeCount ), sizeof(securityTypeCount) );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:283:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto securityTypeList = m_socket->read( securityTypeCount );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:319:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_socket->read( reinterpret_cast<char *>( challenge ), CHALLENGESIZE );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:341:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_socket->read( reinterpret_cast<char *>( &authResult ), sizeof(authResult) );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:391:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_serverInitMessage = m_socket->read( sz_rfbServerInitMsg + nameLength );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:417:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &message ), sz_rfbFramebufferUpdateMsg ) != sz_rfbFramebufferUpdateMsg )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:429:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &rectHeader ), sz_rfbFramebufferUpdateRectHeader ) != sz_rfbFramebufferUpdateRectHeader )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:530:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto message = m_socket->read( size );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:559:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( buffer.read( sz_rfbXCursorColors ).size() == sz_rfbXCursorColors &&
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:560:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read( 2 * bytesPerRow * height ).size() == static_cast<int>( 2 * bytesPerRow * height ) );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:564:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
( buffer.read( width * height * bytesPerPixel ).size() == static_cast<int>( width * height * bytesPerPixel ) &&
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:565:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
buffer.read( bytesPerRow * height ).size() == static_cast<int>( bytesPerRow * height ) );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:568:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( sz_rfbSupportedMessages ).size() == sz_rfbSupportedMessages;
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:573:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( width ).size() == static_cast<int>( width );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:576:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( width * height * bytesPerPixel ).size() == static_cast<int>( width * height * bytesPerPixel );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:579:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( sz_rfbCopyRect ).size() == sz_rfbCopyRect;
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:620:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &hdr ), sz_rfbRREHeader ) != sz_rfbRREHeader )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:628:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( totalDataSize ).size() == totalDataSize;
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:637:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &hdr ), sz_rfbRREHeader ) != sz_rfbRREHeader )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:645:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( totalDataSize ).size() == totalDataSize;
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:675:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &subEncoding ), 1 ) != 1 )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:683:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( dataSize ).size() != dataSize )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:692:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( bytesPerPixel ).size() != static_cast<int>( bytesPerPixel ) )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:700:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( bytesPerPixel ).size() != static_cast<int>( bytesPerPixel ) )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:712:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &nSubrects ), 1 ) != 1 )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:728:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( subRectDataSize ).size() != subRectDataSize )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:744:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &hdr ), sz_rfbZlibHeader ) != sz_rfbZlibHeader )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:751:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( n ).size() == static_cast<int>( n );
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:760:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( buffer.read( reinterpret_cast<char *>( &hdr ), sz_rfbZRLEHeader ) != sz_rfbZRLEHeader )
data/veyon-4.4.2+repack1/core/src/VncClientProtocol.cpp:767:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return buffer.read( n ).size() == static_cast<int>( n );
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:71:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool VncServerProtocol::read()
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:118:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto protocol = m_socket->read( sz_rfbProtocolVersionMsg );
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:163:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( m_socket->read( &chosenSecurityType, sizeof(chosenSecurityType) ) != sizeof(chosenSecurityType) ||
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:205:82: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto chosenAuthType = QVariantHelper<RfbVeyonAuth::Type>::value( message.read() );
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:222:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto username = message.read().toString();
data/veyon-4.4.2+repack1/core/src/VncServerProtocol.cpp:318:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_socket->read( sz_rfbClientInitMsg );
data/veyon-4.4.2+repack1/plugins/demo/DemoServer.cpp:153:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( m_vncClientProtocol->read() )
data/veyon-4.4.2+repack1/plugins/demo/DemoServerConnection.cpp:73:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while( m_serverProtocol.read() )
data/veyon-4.4.2+repack1/plugins/demo/DemoServerConnection.cpp:111:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return m_socket->read( totalSize ).size() == totalSize;
data/veyon-4.4.2+repack1/plugins/demo/DemoServerConnection.cpp:131:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_socket->read( m_rfbClientToServerMessageSizes[messageType] );
data/veyon-4.4.2+repack1/plugins/demo/DemoServerProtocol.cpp:74:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( Token( message.read().toByteArray() ) == m_demoAccessToken )
data/veyon-4.4.2+repack1/plugins/filetransfer/FileReadThread.cpp:96:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto chunk = m_file->read( chunkSize );
data/veyon-4.4.2+repack1/plugins/platform/common/LogonHelper.cpp:62:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( PersistentLogonCredentials::read( &username, &password ) )
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:32:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool PersistentLogonCredentials::read( QString* username, Password* password )
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:40:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto logonData = ServiceDataManager::read( ServiceDataManager::serviceDataTokenFromEnvironment() );
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:55:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*username = stream.read().toString();
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.cpp:56:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*password = VeyonCore::cryptoCore().decryptPassword( stream.read().toString() );
data/veyon-4.4.2+repack1/plugins/platform/common/PersistentLogonCredentials.h:36:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static bool read( QString* username, Password* password );
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp:54:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
QByteArray ServiceDataManager::read( const Token& token )
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp:79:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return response.read().toByteArray();
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp:176:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto token = inMessage.read().toByteArray();
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp:184:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto command = static_cast<Command>( inMessage.read().toInt() );
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.cpp:188:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_data = inMessage.read().toByteArray();
data/veyon-4.4.2+repack1/plugins/platform/common/ServiceDataManager.h:57:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static QByteArray read( const Token& token );
ANALYSIS SUMMARY:
Hits = 102
Lines analyzed = 57719 in approximately 1.30 seconds (44374 lines/second)
Physical Source Lines of Code (SLOC) = 35240
Hits@level = [0] 31 [1] 65 [2] 26 [3] 2 [4] 9 [5] 0
Hits@level+ = [0+] 133 [1+] 102 [2+] 37 [3+] 11 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 3.77412 [1+] 2.89444 [2+] 1.04994 [3+] 0.312145 [4+] 0.255392 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Suppressed hits = 40 (use --neverignore to show them)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.