Flawfinder Results

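Here are the security scan results from Flawfinder version 1.26, (C) 2001-2004 David A. Wheeler. Number of dangerous functions in C/C++ ruleset: 158

Each finding below reads `file:line: [risk level] (category) function: message` and is followed by the source line that matched; risk levels run from 0 (lowest) to 5 (highest). Flawfinder matches function names in the source text and does not analyse types or data flow, so every hit is a candidate for manual review rather than a confirmed vulnerability. Several hits below are declarations or member functions that only share a name with a C library routine (the `open`, `memcpy` and `tempnam` declarations in the headers), and many are in test code (`*Test.cxx`, `TestRunner.cxx`); check those against the implementation before counting them.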

Examining ./src/modules/core/include/LiveSupport/Core/BaseTestMethod.h
Examining ./src/modules/core/include/LiveSupport/Core/Playable.h
Examining ./src/modules/core/include/LiveSupport/Core/FileTools.h

  • ./src/modules/core/include/LiveSupport/Core/FileTools.h:101: [3] (tmpfile) tempnam: Temporary file race condition.
            tempnam(void)                                           throw ();
    
    Examining ./src/modules/core/include/LiveSupport/Core/LocalizedObject.h
    Examining ./src/modules/core/include/LiveSupport/Core/Ptr.h
    Examining ./src/modules/core/include/LiveSupport/Core/Thread.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcInvalidArgumentException.h
    Examining ./src/modules/core/include/LiveSupport/Core/RdsItem.h
    Examining ./src/modules/core/include/LiveSupport/Core/AudioClip.h
    Examining ./src/modules/core/include/LiveSupport/Core/MetadataTypeContainer.h
    Examining ./src/modules/core/include/LiveSupport/Core/PlaylistElement.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcIOException.h
    Examining ./src/modules/core/include/LiveSupport/Core/ScheduleEntry.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcException.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcMethodFaultException.h
    Examining ./src/modules/core/include/LiveSupport/Core/RunnableInterface.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcTools.h
    Examining ./src/modules/core/include/LiveSupport/Core/OptionsContainer.h
    Examining ./src/modules/core/include/LiveSupport/Core/PlayLogEntry.h
    Examining ./src/modules/core/include/LiveSupport/Core/Installable.h
    Examining ./src/modules/core/include/LiveSupport/Core/RdsContainer.h
    Examining ./src/modules/core/include/LiveSupport/Core/Configurable.h
    Examining ./src/modules/core/include/LiveSupport/Core/SessionId.h
    Examining ./src/modules/core/include/LiveSupport/Core/TimeConversion.h
    Examining ./src/modules/core/include/LiveSupport/Core/Playlist.h
    Examining ./src/modules/core/include/LiveSupport/Core/Mutex.h
    Examining ./src/modules/core/include/LiveSupport/Core/FadeInfo.h
    Examining ./src/modules/core/include/LiveSupport/Core/Uuid.h
  • ./src/modules/core/include/LiveSupport/Core/Uuid.h:108: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
                char            nodeId[6];
    
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcMethodResponseException.h
    Examining ./src/modules/core/include/LiveSupport/Core/MetadataType.h
    Examining ./src/modules/core/include/LiveSupport/Core/AsyncState.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcCommunicationException.h
    Examining ./src/modules/core/include/LiveSupport/Core/SearchCriteria.h
    Examining ./src/modules/core/include/LiveSupport/Core/UniqueId.h
    Examining ./src/modules/core/include/LiveSupport/Core/Md5.h
  • ./src/modules/core/include/LiveSupport/Core/Md5.h:175: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
          static void memcpy    (uint1 *dest, uint1 *src, uint4 length);
    
    Examining ./src/modules/core/include/LiveSupport/Core/Debug.h
    Examining ./src/modules/core/include/LiveSupport/Core/MetadataConstraint.h
    Examining ./src/modules/core/include/LiveSupport/Core/XmlRpcInvalidDataException.h
    Examining ./src/modules/core/include/LiveSupport/Core/LocalizedConfigurable.h
    Examining ./src/modules/core/include/LiveSupport/Core/NumericTools.h
    Examining ./src/modules/core/src/EnumerationConstraint.h
    Examining ./src/modules/core/src/ScheduleEntry.cxx
    Examining ./src/modules/core/src/MetadataTypeContainer.cxx
    Examining ./src/modules/core/src/LocalizedObjectTest.h
    Examining ./src/modules/core/src/RdsContainerTest.h
    Examining ./src/modules/core/src/XmlRpcTools.cxx
    Examining ./src/modules/core/src/RdsContainer.cxx
    Examining ./src/modules/core/src/ThreadTest.h
    Examining ./src/modules/core/src/Playlist.cxx
    Examining ./src/modules/core/src/TestRunnable.cxx
    Examining ./src/modules/core/src/TimeConversionTest.cxx
    Examining ./src/modules/core/src/UuidTest.cxx
    Examining ./src/modules/core/src/MetadataTypeContainerTest.h
    Examining ./src/modules/core/src/NumericConstraint.cxx
    Examining ./src/modules/core/src/FadeInfo.cxx
    Examining ./src/modules/core/src/AsyncState.cxx
    Examining ./src/modules/core/src/TimeConversionTest.h
    Examining ./src/modules/core/src/UniqueIdTest.cxx
    Examining ./src/modules/core/src/Md5.cxx
  • ./src/modules/core/src/Md5.cxx:221: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
            memcpy (buffer + buffer_index, input, buffer_space);
    
  • ./src/modules/core/src/Md5.cxx:235: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
        memcpy(buffer+buffer_index, input+input_index, input_length-input_index);
    
  • ./src/modules/core/src/Md5.cxx:269: [1] (buffer) read: Check buffer boundaries if used in a loop.
            stream.read((char *)buffer, 1024);
    
  • ./src/modules/core/src/Md5.cxx:513: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
    void Md5::memcpy (uint1 *output, uint1 *input, uint4 len){
    
    Examining ./src/modules/core/src/PlaylistTest.h
    Examining ./src/modules/core/src/MetadataConstraint.cxx
    Examining ./src/modules/core/src/MetadataTypeContainerTest.cxx
    Examining ./src/modules/core/src/LocalizedConfigurable.cxx
    Examining ./src/modules/core/src/SearchCriteriaTest.cxx
    Examining ./src/modules/core/src/Playable.cxx
    Examining ./src/modules/core/src/TestRunnable.h
    Examining ./src/modules/core/src/EnumerationConstraint.cxx
    Examining ./src/modules/core/src/UuidTest.h
    Examining ./src/modules/core/src/LocalizedObjectTest.cxx
    Examining ./src/modules/core/src/FileToolsTest.cxx
  • ./src/modules/core/src/FileToolsTest.cxx:125: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(fileExtracted.c_str(), "r");
    
  • ./src/modules/core/src/FileToolsTest.cxx:134: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(fileExtracted.c_str(), "r");
    
  • ./src/modules/core/src/FileToolsTest.cxx:139: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(fileExtracted.c_str(), "r");
    
    Examining ./src/modules/core/src/FadeInfoTest.h
    Examining ./src/modules/core/src/ThreadTest.cxx
    Examining ./src/modules/core/src/RdsItem.cxx
    Examining ./src/modules/core/src/AudioClip.cxx
    Examining ./src/modules/core/src/Md5Test.h
    Examining ./src/modules/core/src/PlaylistElement.cxx
    Examining ./src/modules/core/src/BaseTestMethod.cxx
  • ./src/modules/core/src/BaseTestMethod.cxx:114: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            file.open(fileName.c_str());
    
  • ./src/modules/core/src/BaseTestMethod.cxx:125: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file.open(fileName.c_str());
    
    Examining ./src/modules/core/src/LocalizedConfigurableTest.h
    Examining ./src/modules/core/src/SearchCriteriaTest.h
    Examining ./src/modules/core/src/ScheduleEntryTest.cxx
    Examining ./src/modules/core/src/XmlRpcException.cxx
    Examining ./src/modules/core/src/FileToolsTest.h
    Examining ./src/modules/core/src/PlaylistElementTest.h
    Examining ./src/modules/core/src/XmlRpcToolsTest.cxx
    Examining ./src/modules/core/src/RdsContainerTest.cxx
  • ./src/modules/core/src/RdsContainerTest.cxx:79: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        ifs.open(configFileName.c_str());
    
    Examining ./src/modules/core/src/OptionsContainer.cxx
    Examining ./src/modules/core/src/AudioClipTest.h
    Examining ./src/modules/core/src/ScheduleEntryTest.h
    Examining ./src/modules/core/src/PlaylistTest.cxx
    Examining ./src/modules/core/src/NumericRangeConstraint.h
    Examining ./src/modules/core/src/TimeConversion.cxx
    Examining ./src/modules/core/src/Uuid.cxx
  • ./src/modules/core/src/Uuid.cxx:286: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation. Use a more secure technique for acquiring random values.
            srand((unsigned int)(((timeNow >> 32) ^ timeNow)&0xffffffff));
    
    Examining ./src/modules/core/src/TestRunner.cxx
  • ./src/modules/core/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/core/src/FadeInfoTest.cxx
    Examining ./src/modules/core/src/XmlRpcToolsTest.h
    Examining ./src/modules/core/src/AsyncStateTest.cxx
    Examining ./src/modules/core/src/MetadataType.cxx
    Examining ./src/modules/core/src/UniqueId.cxx
    Examining ./src/modules/core/src/Md5Test.cxx
  • ./src/modules/core/src/Md5Test.cxx:106: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        FILE    *f = fopen("var/md5test.data", "r");
    
    Examining ./src/modules/core/src/Thread.cxx
    Examining ./src/modules/core/src/NumericRangeConstraint.cxx
    Examining ./src/modules/core/src/SearchCriteria.cxx
    Examining ./src/modules/core/src/LocalizedConfigurableTest.cxx
    Examining ./src/modules/core/src/NumericConstraint.h
    Examining ./src/modules/core/src/LocalizedObject.cxx
  • ./src/modules/core/src/LocalizedObject.cxx:325: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination. Make sure destination can always hold the source data.
            std::memcpy(strBuf, data, length);
    
    Examining ./src/modules/core/src/FileTools.cxx
  • ./src/modules/core/src/FileTools.cxx:83: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        FILE*   file    = fopen(path.c_str(), "wb");
    
  • ./src/modules/core/src/FileTools.cxx:123: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        FILE*   file    = fopen(path.c_str(), "rb");
    
  • ./src/modules/core/src/FileTools.cxx:163: [3] (tmpfile) tempnam: Temporary file race condition.
    FileTools :: tempnam(void)                                      throw ()
    
  • ./src/modules/core/src/FileTools.cxx:165: [3] (tmpfile) tempnam: Temporary file race condition.
        std::string     fileName(::tempnam(NULL, NULL));
    
    Examining ./src/modules/core/src/AsyncStateTest.h
    Examining ./src/modules/core/src/UniqueIdTest.h
    Examining ./src/modules/core/src/PlaylistElementTest.cxx
    Examining ./src/modules/core/src/AudioClipTest.cxx
    Examining ./src/modules/core/src/NumericToolsTest.cxx
    Examining ./src/modules/core/src/NumericTools.cxx
    Examining ./src/modules/core/src/NumericToolsTest.h
    Examining ./src/modules/authentication/include/LiveSupport/Authentication/AuthenticationClientInterface.h
    Examining ./src/modules/authentication/include/LiveSupport/Authentication/AuthenticationClientFactory.h
    Examining ./src/modules/authentication/src/TestAuthenticationClientTest.cxx
    Examining ./src/modules/authentication/src/TestAuthenticationClient.cxx
    Examining ./src/modules/authentication/src/WebAuthenticationClientTest.h
    Examining ./src/modules/authentication/src/WebAuthenticationClient.h
    Examining ./src/modules/authentication/src/TestAuthenticationClientTest.h
    Examining ./src/modules/authentication/src/TestAuthenticationClient.h
    Examining ./src/modules/authentication/src/AuthenticationClientFactoryTest.cxx
    Examining ./src/modules/authentication/src/AuthenticationClientFactory.cxx
    Examining ./src/modules/authentication/src/TestRunner.cxx
  • ./src/modules/authentication/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/authentication/src/AuthenticationClientFactoryTest.h
    Examining ./src/modules/authentication/src/WebAuthenticationClient.cxx
    Examining ./src/modules/authentication/src/WebAuthenticationClientTest.cxx
    Examining ./src/modules/db/include/LiveSupport/Db/ConnectionManagerInterface.h
    Examining ./src/modules/db/include/LiveSupport/Db/ConnectionManagerFactory.h
    Examining ./src/modules/db/include/LiveSupport/Db/Conversion.h
    Examining ./src/modules/db/src/ConnectionManagerFactoryTest.cxx
    Examining ./src/modules/db/src/ConnectionManagerFactory.cxx
    Examining ./src/modules/db/src/SimpleConnectionManagerTest.cxx
    Examining ./src/modules/db/src/SimpleConnectionManager.cxx
    Examining ./src/modules/db/src/Conversion.cxx
    Examining ./src/modules/db/src/TestRunner.cxx
  • ./src/modules/db/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/db/src/ConnectionManagerFactoryTest.h
    Examining ./src/modules/db/src/SimpleConnectionManager.h
    Examining ./src/modules/db/src/SimpleConnectionManagerTest.h
    Examining ./src/modules/storageClient/include/LiveSupport/StorageClient/StorageClientFactory.h
    Examining ./src/modules/storageClient/include/LiveSupport/StorageClient/StorageClientInterface.h
    Examining ./src/modules/storageClient/src/StorageClientFactoryTest.h
    Examining ./src/modules/storageClient/src/WebStorageClient.cxx
    Examining ./src/modules/storageClient/src/WebStorageClientTest.cxx
    Examining ./src/modules/storageClient/src/TestStorageClient.cxx
    Examining ./src/modules/storageClient/src/TestStorageClientTest.cxx
    Examining ./src/modules/storageClient/src/WebStorageClient.h
    Examining ./src/modules/storageClient/src/WebStorageClientTest.h
    Examining ./src/modules/storageClient/src/TestStorageClient.h
    Examining ./src/modules/storageClient/src/TestStorageClientTest.h
    Examining ./src/modules/storageClient/src/TestRunner.cxx
  • ./src/modules/storageClient/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/storageClient/src/StorageClientFactory.cxx
    Examining ./src/modules/storageClient/src/StorageClientFactoryTest.cxx
    Warning: skipping non-regular file ./src/modules/gstreamerElements/include
    Warning: skipping non-regular file ./src/modules/gstreamerElements/src
    Examining ./src/modules/playlistExecutor/include/LiveSupport/PlaylistExecutor/AudioPlayerEventListener.h
    Examining ./src/modules/playlistExecutor/include/LiveSupport/PlaylistExecutor/AudioPlayerInterface.h
  • ./src/modules/playlistExecutor/include/LiveSupport/PlaylistExecutor/AudioPlayerInterface.h:156: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            open(const std::string  fileUrl)        throw (std::invalid_argument,
    
    Examining ./src/modules/playlistExecutor/include/LiveSupport/PlaylistExecutor/AudioPlayerFactory.h
    Examining ./src/modules/playlistExecutor/src/AudioPlayerFactoryGstreamerTest.cxx
  • ./src/modules/playlistExecutor/src/AudioPlayerFactoryGstreamerTest.cxx:159: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            audioPlayer->open("file:///tmp/campcaster/simple.smil");
    
    Examining ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.cxx
  • ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.cxx:154: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player1->open("file:///tmp/campcaster/test10001.mp3");
    
  • ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.cxx:181: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player2->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.cxx:211: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player1->open("file:///tmp/campcaster/test10001.mp3");
    
  • ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.cxx:226: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player2->open("file:///tmp/campcaster/test.mp3");
    
    Examining ./src/modules/playlistExecutor/src/AudioPlayerFactoryGstreamerTest.h
    Examining ./src/modules/playlistExecutor/src/AudioPlayerFactory.cxx
    Examining ./src/modules/playlistExecutor/src/GstreamerPlayer.cxx
  • ./src/modules/playlistExecutor/src/GstreamerPlayer.cxx:249: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
    GstreamerPlayer :: open(const std::string   fileUri)
    
    Examining ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:134: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:170: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:220: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test-short.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:240: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test-short.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:258: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test-short.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:280: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test-short.mp3")
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:308: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/simpleSmil.smil");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:337: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/sequentialSmil.smil");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:367: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/animatedSmil.smil");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:417: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("totally/bad/URL");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:435: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:444: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("totally/bad/URL");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:509: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:534: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:563: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:597: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test-short.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:638: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
                player->open("file:///tmp/campcaster/test-short.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:670: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open(fileName);
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:737: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test10001.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:808: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player->open("file:///tmp/campcaster/test.mp3");
    
  • ./src/modules/playlistExecutor/src/GstreamerPlayerTest.cxx:821: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            player2->open("file:///tmp/campcaster/test.mp3");
    
    Examining ./src/modules/playlistExecutor/src/TwoGstreamerPlayersTest.h
    Examining ./src/modules/playlistExecutor/src/TestRunner.cxx
  • ./src/modules/playlistExecutor/src/TestRunner.cxx:189: [2] (buffer) char: Statically-sized arrays can be overflowed. Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
              char tmp[255]={0};
    
  • ./src/modules/playlistExecutor/src/TestRunner.cxx:190: [2] (buffer) sprintf: Does not check for buffer overflows. Use snprintf or vsnprintf. Risk is low because the source has a constant maximum length.
              sprintf(tmp, "file:///tmp/campcaster/%d.ogg", cnt+1);//use when file name needed
    
  • ./src/modules/playlistExecutor/src/TestRunner.cxx:495: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/playlistExecutor/src/GstreamerPlayer.h
  • ./src/modules/playlistExecutor/src/GstreamerPlayer.h:289: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            open(const std::string  fileUrl)        throw (std::invalid_argument,
    
    Examining ./src/modules/playlistExecutor/src/GstreamerPlayerTest.h
    Examining ./src/modules/playlistExecutor/src/TestEventListener.h
    Examining ./src/modules/playlistExecutor/src/SmilHandler.h
    Examining ./src/modules/playlistExecutor/src/GstreamerPlayContext.h
    Examining ./src/modules/eventScheduler/include/LiveSupport/EventScheduler/EventScheduler.h
    Examining ./src/modules/eventScheduler/include/LiveSupport/EventScheduler/ScheduledEventInterface.h
    Examining ./src/modules/eventScheduler/include/LiveSupport/EventScheduler/EventContainerInterface.h
    Examining ./src/modules/eventScheduler/src/EventSchedulerTest.cxx
    Examining ./src/modules/eventScheduler/src/EventScheduler.cxx
    Examining ./src/modules/eventScheduler/src/TestScheduledEvent.cxx
    Examining ./src/modules/eventScheduler/src/TestEventContainer.cxx
    Examining ./src/modules/eventScheduler/src/EventSchedulerTest.h
    Examining ./src/modules/eventScheduler/src/SchedulerThread.cxx
    Examining ./src/modules/eventScheduler/src/SchedulerThreadTest.cxx
    Examining ./src/modules/eventScheduler/src/TestScheduledEvent.h
    Examining ./src/modules/eventScheduler/src/TestEventContainer.h
    Examining ./src/modules/eventScheduler/src/TestRunner.cxx
  • ./src/modules/eventScheduler/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/eventScheduler/src/SchedulerThread.h
    Examining ./src/modules/eventScheduler/src/SchedulerThreadTest.h
    Examining ./src/modules/schedulerClient/include/LiveSupport/SchedulerClient/SchedulerClientInterface.h
    Examining ./src/modules/schedulerClient/include/LiveSupport/SchedulerClient/SchedulerClientFactory.h
    Examining ./src/modules/schedulerClient/src/SchedulerClientFactoryTest.cxx
    Examining ./src/modules/schedulerClient/src/SchedulerClientFactory.cxx
    Examining ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClientTest.cxx
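  • ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClientTest.cxx:427: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    Reviewer note: this hit and the two that follow are read-only opens of extractedTempFileName in a test file. The name suggests a temporary file produced by the test itself; if it lives in a shared directory such as /tmp, how that name was generated and who can write to the directory matter more than the fopen() call.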
    
  • ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClientTest.cxx:436: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
  • ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClientTest.cxx:441: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
    Examining ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClient.cxx
    Examining ./src/modules/schedulerClient/src/TestRunner.cxx
  • ./src/modules/schedulerClient/src/TestRunner.cxx:195: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClient.h
    Examining ./src/modules/schedulerClient/src/SchedulerClientFactoryTest.h
    Examining ./src/modules/schedulerClient/src/SchedulerDaemonXmlRpcClientTest.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/Colors.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/OperatorComboBoxText.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/ZebraCellRenderer.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/CornerBitmaps.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/PlayableTreeModelColumnRecord.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/WidgetConstants.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/WidgetFactory.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/ComboBoxText.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/MetadataComboBoxText.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/ZebraTreeView.h
    Examining ./src/modules/widgets/include/LiveSupport/Widgets/ZebraTreeModelColumnRecord.h
    Examining ./src/modules/widgets/src/main.cxx
  • ./src/modules/widgets/src/main.cxx:125: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/modules/widgets/src/MetadataComboBoxText.cxx
    Examining ./src/modules/widgets/src/ZebraTreeView.cxx
    Examining ./src/modules/widgets/src/TestWindow.h
    Examining ./src/modules/widgets/src/OperatorComboBoxText.cxx
    Examining ./src/modules/widgets/src/ZebraCellRenderer.cxx
    Examining ./src/modules/widgets/src/Colors.cxx
    Examining ./src/modules/widgets/src/TestWindow.cxx
    Examining ./src/modules/widgets/src/WidgetFactory.cxx
    Examining ./src/modules/widgets/src/ComboBoxText.cxx
    Examining ./src/products/scheduler/src/RpcGetVersionTest.h
    Examining ./src/products/scheduler/src/XmlRpcDaemon.h
    Examining ./src/products/scheduler/src/PlaylistEventContainerTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlScheduleTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlPlayLogTest.h
    Examining ./src/products/scheduler/src/DisplayScheduleMethod.cxx
    Examining ./src/products/scheduler/src/GetSchedulerTimeMethodTest.h
    Examining ./src/products/scheduler/src/RescheduleMethodTest.cxx
    Examining ./src/products/scheduler/src/RemoveFromScheduleMethod.h
    Examining ./src/products/scheduler/src/SignalDispatcher.cxx
    Examining ./src/products/scheduler/src/SchedulerDaemon.h
    Examining ./src/products/scheduler/src/CreateBackupCheckMethod.cxx
    Examining ./src/products/scheduler/src/RpcRemoveFromScheduleTest.h
    Examining ./src/products/scheduler/src/RpcRescheduleTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlBackup.cxx
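  • ./src/products/scheduler/src/PostgresqlBackup.cxx:320: [3] (tmpfile) tempnam: Temporary file race condition.
        std::string             tmpFileName = FileTools::tempnam();
    Reviewer note: this call goes to the project's own FileTools::tempnam (its declaration in FileTools.h is flagged earlier in this report), not directly to the C library tempnam(), so whether the race exists depends on that helper. If the helper only returns a name and the file is created later, the path can be claimed by another local account in between. Creating and opening the file in one step (mkstemp(), or open() with O_CREAT | O_EXCL and mode 0600) closes that window. The same applies to the hit at line 407.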
    
  • ./src/products/scheduler/src/PostgresqlBackup.cxx:407: [3] (tmpfile) tempnam: Temporary file race condition.
        std::string             tmpFileName = FileTools::tempnam();
    
    Examining ./src/products/scheduler/src/ResetStorageMethodTest.h
    Examining ./src/products/scheduler/src/RestoreBackupMethod.h
    Examining ./src/products/scheduler/src/BaseTestMethod.h
    Examining ./src/products/scheduler/src/SignalHandler.h
    Examining ./src/products/scheduler/src/ScheduleInterface.h
    Examining ./src/products/scheduler/src/PlaylistEvent.cxx
  • ./src/products/scheduler/src/PlaylistEvent.cxx:161: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            audioPlayer->open(*playlist->getUri());
    
    Examining ./src/products/scheduler/src/PostgresqlScheduleTest.h
    Examining ./src/products/scheduler/src/DisplayScheduleMethodTest.h
    Examining ./src/products/scheduler/src/UploadPlaylistMethod.cxx
    Examining ./src/products/scheduler/src/RpcUploadPlaylistTest.cxx
    Examining ./src/products/scheduler/src/RescheduleMethodTest.h
    Examining ./src/products/scheduler/src/LoginMethod.cxx
    Examining ./src/products/scheduler/src/SignalDispatcher.h
    Examining ./src/products/scheduler/src/RpcGeneratePlayReportTest.cxx
    Examining ./src/products/scheduler/src/CreateBackupOpenMethod.cxx
    Examining ./src/products/scheduler/src/GeneratePlayReportMethod.cxx
    Examining ./src/products/scheduler/src/CreateBackupCheckMethod.h
    Examining ./src/products/scheduler/src/RpcRescheduleTest.h
    Examining ./src/products/scheduler/src/PostgresqlBackupTest.h
    Examining ./src/products/scheduler/src/CreateBackupCloseMethod.cxx
    Examining ./src/products/scheduler/src/ScheduleFactory.cxx
    Examining ./src/products/scheduler/src/BackupFactory.h
    Examining ./src/products/scheduler/src/CreateBackupOpenMethod.h
    Examining ./src/products/scheduler/src/GetVersionMethod.cxx
    Examining ./src/products/scheduler/src/PlaylistEventTest.h
    Examining ./src/products/scheduler/src/RpcDisplayScheduleTest.cxx
    Examining ./src/products/scheduler/src/XmlRpcDaemon.cxx
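  • ./src/products/scheduler/src/XmlRpcDaemon.cxx:202: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077).
        umask(uMask);
    Reviewer note: the mask is passed as the variable uMask, so the scanner cannot see its value. Resolving this hit means finding where uMask is set and confirming that files the daemon creates afterwards are not group- or world-writable.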
    
    Examining ./src/products/scheduler/src/GeneratePlayReportMethodTest.h
    Examining ./src/products/scheduler/src/PostgresqlPlayLogTest.cxx
    Examining ./src/products/scheduler/src/PlaylistEventContainerTest.h
    Examining ./src/products/scheduler/src/UploadPlaylistMethodTest.h
    Examining ./src/products/scheduler/src/GetSchedulerTimeMethod.cxx
    Examining ./src/products/scheduler/src/RemoveFromScheduleMethod.cxx
    Examining ./src/products/scheduler/src/RpcRemoveFromScheduleTest.cxx
    Examining ./src/products/scheduler/src/RpcGetSchedulerTimeTest.cxx
    Examining ./src/products/scheduler/src/SchedulerDaemonTest.cxx
    Examining ./src/products/scheduler/src/DisplayScheduleMethodTest.cxx
    Examining ./src/products/scheduler/src/CreateBackupCloseMethod.h
    Examining ./src/products/scheduler/src/ResetStorageMethod.cxx
    Examining ./src/products/scheduler/src/main.cxx
  • ./src/products/scheduler/src/main.cxx:142: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/products/scheduler/src/XmlRpcDaemonShutdownSignalHandler.h
    Examining ./src/products/scheduler/src/ScheduleFactory.h
    Examining ./src/products/scheduler/src/RpcBackupTest.cxx
  • ./src/products/scheduler/src/RpcBackupTest.cxx:267: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
  • ./src/products/scheduler/src/RpcBackupTest.cxx:276: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
  • ./src/products/scheduler/src/RpcBackupTest.cxx:281: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
    Examining ./src/products/scheduler/src/BaseTestMethod.cxx
    Examining ./src/products/scheduler/src/BackupInterface.h
    Examining ./src/products/scheduler/src/GetVersionMethod.h
    Examining ./src/products/scheduler/src/PostgresqlSchedule.cxx
    Examining ./src/products/scheduler/src/PostgresqlPlayLog.h
    Examining ./src/products/scheduler/src/RpcGetSchedulerTimeTest.h
    Examining ./src/products/scheduler/src/GetSchedulerTimeMethod.h
    Examining ./src/products/scheduler/src/RescheduleMethod.cxx
    Examining ./src/products/scheduler/src/PlayLogFactory.h
    Examining ./src/products/scheduler/src/RemoveFromScheduleMethodTest.h
    Examining ./src/products/scheduler/src/PlaylistEventContainer.cxx
    Examining ./src/products/scheduler/src/SchedulerDaemonTest.h
    Examining ./src/products/scheduler/src/PostgresqlBackupTest.cxx
  • ./src/products/scheduler/src/PostgresqlBackupTest.cxx:200: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
  • ./src/products/scheduler/src/PostgresqlBackupTest.cxx:209: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
  • ./src/products/scheduler/src/PostgresqlBackupTest.cxx:214: [2] (misc) fopen: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        file = fopen(extractedTempFileName.c_str(), "r");
    
    Examining ./src/products/scheduler/src/ResetStorageMethod.h
    Examining ./src/products/scheduler/src/BackupFactory.cxx
    Examining ./src/products/scheduler/src/RpcBackupTest.h
    Examining ./src/products/scheduler/src/PlaylistEventTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlSchedule.h
    Examining ./src/products/scheduler/src/GeneratePlayReportMethodTest.cxx
    Examining ./src/products/scheduler/src/UploadPlaylistMethodTest.cxx
    Examining ./src/products/scheduler/src/DisplayScheduleMethod.h
    Examining ./src/products/scheduler/src/RescheduleMethod.h
    Examining ./src/products/scheduler/src/TestRunner.cxx
  • ./src/products/scheduler/src/TestRunner.cxx:212: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/products/scheduler/src/LogoutMethod.cxx
    Examining ./src/products/scheduler/src/PlayLogInterface.h
    Examining ./src/products/scheduler/src/GetVersionMethodTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlBackup.h
    Examining ./src/products/scheduler/src/StopCurrentlyPlayingMethod.cxx
    Examining ./src/products/scheduler/src/RpcStopCurrentlyPlayingTest.cxx
    Examining ./src/products/scheduler/src/PlaylistEvent.h
    Examining ./src/products/scheduler/src/RpcGetVersionTest.cxx
    Examining ./src/products/scheduler/src/PostgresqlPlayLog.cxx
    Examining ./src/products/scheduler/src/PlaylistEventContainer.h
    Examining ./src/products/scheduler/src/UploadPlaylistMethod.h
    Examining ./src/products/scheduler/src/GetSchedulerTimeMethodTest.cxx
    Examining ./src/products/scheduler/src/LoginMethod.h
    Examining ./src/products/scheduler/src/RemoveFromScheduleMethodTest.cxx
    Examining ./src/products/scheduler/src/LogoutMethod.h
    Examining ./src/products/scheduler/src/PlayLogFactory.cxx
    Examining ./src/products/scheduler/src/RpcUploadPlaylistTest.h
    Examining ./src/products/scheduler/src/GeneratePlayReportMethod.h
    Examining ./src/products/scheduler/src/SchedulerDaemon.cxx
    Examining ./src/products/scheduler/src/RpcGeneratePlayReportTest.h
    Examining ./src/products/scheduler/src/StopCurrentlyPlayingMethod.h
    Examining ./src/products/scheduler/src/ResetStorageMethodTest.cxx
    Examining ./src/products/scheduler/src/RestoreBackupMethod.cxx
    Examining ./src/products/scheduler/src/GetVersionMethodTest.h
    Examining ./src/products/scheduler/src/RpcStopCurrentlyPlayingTest.h
    Examining ./src/products/scheduler/src/RpcDisplayScheduleTest.h
    Examining ./src/products/gLiveSupport/src/OptionsWindow.cxx
    Examining ./src/products/gLiveSupport/src/BrowseItem.cxx
    Examining ./src/products/gLiveSupport/src/LiveModeWindow.h
    Examining ./src/products/gLiveSupport/src/ExportPlaylistWindow.h
    Examining ./src/products/gLiveSupport/src/RestoreBackupWindow.cxx
    Examining ./src/products/gLiveSupport/src/MasterPanelWindow.h
    Examining ./src/products/gLiveSupport/src/KeyboardShortcut.cxx
    Examining ./src/products/gLiveSupport/src/ExportFormatRadioButtons.cxx
    Examining ./src/products/gLiveSupport/src/SchedulePlaylistWindow.h
    Examining ./src/products/gLiveSupport/src/GLiveSupportTest.cxx
  • ./src/products/gLiveSupport/src/GLiveSupportTest.cxx:125: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        ifs.open(configFileName.c_str());
    
  • ./src/products/gLiveSupport/src/GLiveSupportTest.cxx:129: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            ifs.open(gLiveSupportEtcConfigFileName.c_str());
    
    Examining ./src/products/gLiveSupport/src/BrowseItem.h
    Examining ./src/products/gLiveSupport/src/SchedulerWindow.cxx
    Examining ./src/products/gLiveSupport/src/BrowseEntry.h
    Examining ./src/products/gLiveSupport/src/main.cxx
  • ./src/products/gLiveSupport/src/main.cxx:132: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/products/gLiveSupport/src/SchedulePlaylistWindow.cxx
    Examining ./src/products/gLiveSupport/src/TaskbarIcons.h
    Examining ./src/products/gLiveSupport/src/NowPlaying.h
    Examining ./src/products/gLiveSupport/src/UploadFileWindow.cxx
    Examining ./src/products/gLiveSupport/src/KeyboardShortcut.h
    Examining ./src/products/gLiveSupport/src/ExportFormatRadioButtons.h
    Examining ./src/products/gLiveSupport/src/BackupList.h
    Examining ./src/products/gLiveSupport/src/GLiveSupport.h
    Examining ./src/products/gLiveSupport/src/SchedulerWindow.h
    Examining ./src/products/gLiveSupport/src/DateTimeChooserWindow.h
    Examining ./src/products/gLiveSupport/src/PlaylistWindow.cxx
    Examining ./src/products/gLiveSupport/src/ExportPlaylistWindow.cxx
    Examining ./src/products/gLiveSupport/src/LoginWindow.cxx
    Examining ./src/products/gLiveSupport/src/UploadFileWindow.h
    Examining ./src/products/gLiveSupport/src/AdvancedSearchEntry.h
    Examining ./src/products/gLiveSupport/src/MasterPanelWindow.cxx
    Examining ./src/products/gLiveSupport/src/ScratchpadWindow.cxx
    Examining ./src/products/gLiveSupport/src/RdsView.h
    Examining ./src/products/gLiveSupport/src/PlaylistWindow.h
    Examining ./src/products/gLiveSupport/src/ContentsStorable.h
    Examining ./src/products/gLiveSupport/src/CuePlayer.h
    Examining ./src/products/gLiveSupport/src/TransportList.cxx
    Examining ./src/products/gLiveSupport/src/SearchWindow.h
    Examining ./src/products/gLiveSupport/src/TaskbarIcons.cxx
    Examining ./src/products/gLiveSupport/src/BrowseEntry.cxx
    Examining ./src/products/gLiveSupport/src/LoginWindow.h
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutContainer.h
    Examining ./src/products/gLiveSupport/src/NowPlaying.cxx
    Examining ./src/products/gLiveSupport/src/DateTimeChooserWindow.cxx
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutList.cxx
    Examining ./src/products/gLiveSupport/src/ScratchpadWindow.h
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutTest.cxx
  • ./src/products/gLiveSupport/src/KeyboardShortcutTest.cxx:79: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
        ifs.open(configFileName.c_str());
    
    Examining ./src/products/gLiveSupport/src/BackupView.cxx
    Examining ./src/products/gLiveSupport/src/BackupList.cxx
    Examining ./src/products/gLiveSupport/src/GuiObject.h
    Examining ./src/products/gLiveSupport/src/GuiWindow.cxx
    Examining ./src/products/gLiveSupport/src/GuiWindow.h
    Examining ./src/products/gLiveSupport/src/GLiveSupport.cxx
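  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1301: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
                    outputPlayer->open(*outputItemPlayingNow->getUri());
    Reviewer note: the open hits in this file are calls to an open method on player objects with a URI argument, not C library open() calls. The symlink and race questions in the message apply only if the URI resolves to a local path that other accounts can change; where the URIs come from is not visible in this report.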
    
  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1310: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
                    outputPlayer->open(*outputItemPlayingNow->getUri());
    
  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1431: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
                    cuePlayer->open(*cueItemPlayingNow->getUri());
    
  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1440: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
                    cuePlayer->open(*cueItemPlayingNow->getUri());
    
  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1757: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            cuePlayer->open(*testAudioUrl);
    
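  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1803: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available.
        system(schedulerDaemonStartCommand->c_str());
    Reviewer note: this hit and the one at line 1814 below are the only level-4 findings in the report and the first to triage. system() hands the whole string to the shell, so the call is only as safe as the source of schedulerDaemonStartCommand and the environment the process inherits (PATH and similar); the report does not show where the string is set. If it comes from a configuration file, that file should be writable only by the account that runs the program. Starting the daemon by absolute path with an argument vector (fork() plus execv(), or posix_spawn()) removes shell parsing altogether.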
    
  • ./src/products/gLiveSupport/src/GLiveSupport.cxx:1814: [4] (shell) system: This causes a new program to execute and is difficult to use safely. try using a library call that implements the same functionality if available.
        system(schedulerDaemonStopCommand->c_str());
    
    Examining ./src/products/gLiveSupport/src/OptionsWindow.h
    Examining ./src/products/gLiveSupport/src/TestRunner.cxx
  • ./src/products/gLiveSupport/src/TestRunner.cxx:199: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows . Check implementation on installation, or limit the size of all string inputs.
        while ((i = getopt_long(argc, argv, options, longOptions, 0)) != -1) {
    
    Examining ./src/products/gLiveSupport/src/RdsEntry.cxx
    Examining ./src/products/gLiveSupport/src/AdvancedSearchItem.cxx
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutList.h
    Examining ./src/products/gLiveSupport/src/AdvancedSearchEntry.cxx
    Examining ./src/products/gLiveSupport/src/TransportList.h
    Examining ./src/products/gLiveSupport/src/AudioPlayerTest.cxx
  • ./src/products/gLiveSupport/src/AudioPlayerTest.cxx:244: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            audioPlayer->open(*audioClip->getUri())
    
  • ./src/products/gLiveSupport/src/AudioPlayerTest.cxx:288: [2] (misc) open: Check when opening files – can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?.
            audioPlayer->open(*playlist->getUri())
    
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutTest.h
    Examining ./src/products/gLiveSupport/src/RdsView.cxx
    Examining ./src/products/gLiveSupport/src/BackupView.h
    Examining ./src/products/gLiveSupport/src/CuePlayer.cxx
    Examining ./src/products/gLiveSupport/src/GuiObject.cxx
    Examining ./src/products/gLiveSupport/src/RestoreBackupWindow.h
    Examining ./src/products/gLiveSupport/src/GLiveSupportTest.h
    Examining ./src/products/gLiveSupport/src/LiveModeWindow.cxx
    Examining ./src/products/gLiveSupport/src/SearchWindow.cxx
    Examining ./src/products/gLiveSupport/src/RdsEntry.h
    Examining ./src/products/gLiveSupport/src/AdvancedSearchItem.h
    Examining ./src/products/gLiveSupport/src/AudioPlayerTest.h
    Examining ./src/products/gLiveSupport/src/KeyboardShortcutContainer.cxx
    Examining ./src/products/gLiveSupport/src/GuiComponent.h
    Examining ./src/products/gLiveSupport/src/GuiComponent.cxx
    Examining ./src/products/gLiveSupport/src/DndMethods.cxx
    Examining ./src/products/gLiveSupport/src/DndMethods.h

    Final Results

    Hits = 88
    Lines analyzed = 100896 in 7.39 seconds (14639 lines/second)
    Physical Source Lines of Code (SLOC) = 44430
    Hits@level = [0] 0 [1] 2 [2] 66 [3] 18 [4] 2 [5] 0
    Hits@level+ = [0+] 88 [1+] 88 [2+] 86 [3+] 20 [4+] 2 [5+] 0
    Hits/KSLOC@level+ = [0+] 1.98064 [1+] 1.98064 [2+] 1.93563 [3+] 0.450146 [4+] 0.0450146 [5+] 0
    Minimum risk level = 1
    Not every hit is necessarily a security vulnerability.
    There may be other security vulnerabilities; review your code!