Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zeal-0.6.1/src/app/main.cpp
Examining data/zeal-0.6.1/src/libs/core/application.cpp
Examining data/zeal-0.6.1/src/libs/core/application.h
Examining data/zeal-0.6.1/src/libs/core/applicationsingleton.cpp
Examining data/zeal-0.6.1/src/libs/core/applicationsingleton.h
Examining data/zeal-0.6.1/src/libs/core/extractor.cpp
Examining data/zeal-0.6.1/src/libs/core/extractor.h
Examining data/zeal-0.6.1/src/libs/core/filemanager.cpp
Examining data/zeal-0.6.1/src/libs/core/filemanager.h
Examining data/zeal-0.6.1/src/libs/core/networkaccessmanager.cpp
Examining data/zeal-0.6.1/src/libs/core/networkaccessmanager.h
Examining data/zeal-0.6.1/src/libs/core/settings.h
Examining data/zeal-0.6.1/src/libs/core/settings.cpp
Examining data/zeal-0.6.1/src/libs/registry/cancellationtoken.h
Examining data/zeal-0.6.1/src/libs/registry/docset.cpp
Examining data/zeal-0.6.1/src/libs/registry/docset.h
Examining data/zeal-0.6.1/src/libs/registry/docsetmetadata.cpp
Examining data/zeal-0.6.1/src/libs/registry/docsetmetadata.h
Examining data/zeal-0.6.1/src/libs/registry/docsetregistry.cpp
Examining data/zeal-0.6.1/src/libs/registry/docsetregistry.h
Examining data/zeal-0.6.1/src/libs/registry/itemdatarole.h
Examining data/zeal-0.6.1/src/libs/registry/listmodel.cpp
Examining data/zeal-0.6.1/src/libs/registry/listmodel.h
Examining data/zeal-0.6.1/src/libs/registry/searchmodel.cpp
Examining data/zeal-0.6.1/src/libs/registry/searchmodel.h
Examining data/zeal-0.6.1/src/libs/registry/searchquery.cpp
Examining data/zeal-0.6.1/src/libs/registry/searchquery.h
Examining data/zeal-0.6.1/src/libs/registry/searchresult.h
Examining data/zeal-0.6.1/src/libs/ui/aboutdialog.cpp
Examining data/zeal-0.6.1/src/libs/ui/aboutdialog.h
Examining data/zeal-0.6.1/src/libs/ui/docsetlistitemdelegate.cpp
Examining data/zeal-0.6.1/src/libs/ui/docsetlistitemdelegate.h
Examining data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp
Examining data/zeal-0.6.1/src/libs/ui/docsetsdialog.h
Examining data/zeal-0.6.1/src/libs/ui/mainwindow.cpp
Examining data/zeal-0.6.1/src/libs/ui/mainwindow.h
Examining data/zeal-0.6.1/src/libs/ui/progressitemdelegate.cpp
Examining data/zeal-0.6.1/src/libs/ui/progressitemdelegate.h
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut.cpp
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut.h
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut_mac.cpp
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut_p.h
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut_win.cpp
Examining data/zeal-0.6.1/src/libs/ui/qxtglobalshortcut/qxtglobalshortcut_x11.cpp
Examining data/zeal-0.6.1/src/libs/ui/searchitemdelegate.h
Examining data/zeal-0.6.1/src/libs/ui/settingsdialog.cpp
Examining data/zeal-0.6.1/src/libs/ui/settingsdialog.h
Examining data/zeal-0.6.1/src/libs/ui/webbridge.cpp
Examining data/zeal-0.6.1/src/libs/ui/webbridge.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/searchedit.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/searchedit.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/searchtoolbar.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/searchtoolbar.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/shortcutedit.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/shortcutedit.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/toolbarframe.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/toolbarframe.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/webview.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/webview.h
Examining data/zeal-0.6.1/src/libs/ui/widgets/webviewtab.cpp
Examining data/zeal-0.6.1/src/libs/ui/widgets/webviewtab.h
Examining data/zeal-0.6.1/src/libs/ui/searchitemdelegate.cpp
Examining data/zeal-0.6.1/src/libs/util/plist.cpp
Examining data/zeal-0.6.1/src/libs/util/plist.h
Examining data/zeal-0.6.1/src/libs/util/sqlitedatabase.cpp
Examining data/zeal-0.6.1/src/libs/util/sqlitedatabase.h
Examining data/zeal-0.6.1/src/libs/util/version.cpp
Examining data/zeal-0.6.1/src/libs/util/version.h
FINAL RESULTS:
data/zeal-0.6.1/src/libs/core/application.cpp:256:45: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
{QStringLiteral("locale"), QLocale::system().name()}
data/zeal-0.6.1/src/libs/core/extractor.cpp:88:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::WriteOnly)) {
data/zeal-0.6.1/src/libs/registry/docset.cpp:367:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::ReadOnly))
data/zeal-0.6.1/src/libs/registry/docsetmetadata.cpp:77:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::WriteOnly))
data/zeal-0.6.1/src/libs/registry/docsetmetadata.cpp:111:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::WriteOnly))
data/zeal-0.6.1/src/libs/registry/docsetmetadata.cpp:119:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::WriteOnly))
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:311:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::WriteOnly))
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:383:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile->open();
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:425:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpFile->open();
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:508:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::ReadOnly)) {
data/zeal-0.6.1/src/libs/ui/mainwindow.cpp:892:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::ReadOnly)) {
data/zeal-0.6.1/src/libs/ui/mainwindow.cpp:899:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::ReadOnly)) {
data/zeal-0.6.1/src/libs/ui/mainwindow.cpp:906:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (file->open(QIODevice::ReadOnly)) {
data/zeal-0.6.1/src/libs/util/plist.cpp:38:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file->open(QIODevice::ReadOnly)) {
data/zeal-0.6.1/src/libs/registry/docset.cpp:91:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
plist.read(dir.filePath(QStringLiteral("Info.plist")));
data/zeal-0.6.1/src/libs/registry/docset.cpp:93:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
plist.read(dir.filePath(QStringLiteral("info.plist")));
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:388:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmpFile->write(reply->read(1024 * 1024)); // Use small chunks
data/zeal-0.6.1/src/libs/ui/docsetsdialog.cpp:429:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tmpFile->write(reply->read(received));
data/zeal-0.6.1/src/libs/util/plist.cpp:35:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool Plist::read(const QString &fileName)
data/zeal-0.6.1/src/libs/util/plist.h:37:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const QString &fileName);
ANALYSIS SUMMARY:
Hits = 20
Lines analyzed = 10520 in approximately 0.31 seconds (34452 lines/second)
Physical Source Lines of Code (SLOC) = 6743
Hits@level = [0] 0 [1] 6 [2] 13 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 20 [1+] 20 [2+] 14 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.96604 [1+] 2.96604 [2+] 2.07623 [3+] 0.148302 [4+] 0.148302 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.