Codekhana

src/core/kernel/V2RayKernelInteractions.cpp

2 issues

Internal error. Token::astOperand1() cyclic dependency.

Error

Line: 160

                  {
        const auto kernelPath = GlobalConfig.kernelConfig.KernelPath();
        const auto assetsPath = GlobalConfig.kernelConfig.AssetsPath();
        if (const auto &[result, msg] = ValidateKernel(kernelPath, assetsPath); result)
        {
            DEBUG("V2Ray version: " + *msg);
            // Append assets location env.
            auto env = QProcessEnvironment::systemEnvironment();
            env.insert("v2ray.location.asset", assetsPath);

Reported by Cppcheck.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 63 Column: 23 CWE codes: 362

              
        // Use open() here to prevent `executing` a folder, which may have the
        // same name as the V2Ray core.
        if (!coreFile.open(QFile::ReadOnly))
            return { false, tr("V2Ray core file cannot be opened, please ensure there's a file instead of a folder.") };

        coreFile.close();

#if QV2RAY_FEATURE(kernel_check_abi)

Reported by FlawFinder.

src/components/latency/TCPing.cpp

2 issues

sprintf - Does not check for buffer overflows

Security

Line: 49 Column: 13 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

                      if (af == -1)
        {
            getAddrHandle = loop->resource<uvw::GetAddrInfoReq>();
            sprintf(digitBuffer, "%d", req.port);
        }
        async_DNS_lookup(0, 0);
    }
    TCPing::~TCPing()
    {

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 72 Column: 24 CWE codes: 362

                      for (; data.totalCount < req.totalCount; ++data.totalCount)
        {
            auto tcpClient = loop->resource<uvw::TCPHandle>();
            tcpClient->open(getSocket(af, SOCK_STREAM, IPPROTO_TCP));
            tcpClient->once<uvw::ErrorEvent>([ptr = shared_from_this(), this](const uvw::ErrorEvent &e, uvw::TCPHandle &h) {
                LOG("error connecting to host: " + req.host + ":" + QSTRN(req.port) + " " + e.what());
                data.failedCount += 1;
                data.errorMessage = e.what();
                notifyTestHost();

Reported by FlawFinder.

src/components/latency/unix/ICMPPing.cpp

2 issues

sprintf - Does not check for buffer overflows

Security

Line: 79 Column: 13 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

                      if (isAddr() == -1)
        {
            getAddrHandle = loop->resource<uvw::GetAddrInfoReq>();
            sprintf(digitBuffer, "%d", req.port);
        }
        async_DNS_lookup(0, 0);
    }

    bool ICMPPing::notifyTestHost()

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues

Security

Line: 138 Column: 13 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                          sockaddr_in addr;
            socklen_t slen = sizeof(sockaddr_in);
            int rlen = 0;
            char buf[1024];
            do
            {
                do
                {
                    rlen = recvfrom(socketId, buf, 1024, 0, (struct sockaddr *) &addr, &slen);

Reported by FlawFinder.

src/plugins/utils/BuiltinUtils.hpp

1 issues

There is an unknown macro here somewhere. Configuration is required. If Q_INTERFACES is a macro then please configure it.

Error

Line: 14

                  : public QObject
    , public Qv2rayInterface
{
    Q_INTERFACES(Qv2rayPlugin::Qv2rayInterface)
    Q_PLUGIN_METADATA(IID Qv2rayInterface_IID)
    Q_OBJECT
  public:
    const QvPluginMetadata GetMetadata() const override
    {

Reported by Cppcheck.

src/plugins/utils/core/EventHandler.cpp

1 issues

syntax error

Error

Line: 7

              {
}

QvPlugin_EventHandler(EventHandler, ConnectionStats)
{
    Q_UNUSED(pluginEvent);
}

QvPlugin_EventHandler(EventHandler, SystemProxy)

Reported by Cppcheck.

src/ui/common/speedchart/speedwidget.cpp

1 issues

system - This causes a new program to execute and is difficult to use safely

Security

Line: 159 Column: 21 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              {
    // check is there need for digits after decimal separator
    const int precision = (argValue < 10) ? friendlyUnitPrecision(unit) : 0;
    return QLocale::system().toString(argValue, 'f', precision) + " " + unitString(unit, true);
}

void SpeedWidget::UpdateSpeedPlotSettings()
{
    auto &Graph = GlobalConfig.uiConfig.graphConfig;

Reported by FlawFinder.

src/components/geosite/QvGeositeReader.cpp

1 issues

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 27 Column: 29 CWE codes: 362

                          GOOGLE_PROTOBUF_VERIFY_VERSION;
            //
            QFile f(filepath);
            bool opened = f.open(QFile::OpenModeFlag::ReadOnly);

            if (!opened)
            {
                LOG("File cannot be opened: " + filepath);
                return list;

Reported by FlawFinder.

src/ui/widgets/common/QJsonModel.cpp

1 issues

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?

Security

Line: 177 Column: 14 CWE codes: 362

                  QFile file(fileName);
    bool success = false;

    if (file.open(QIODevice::ReadOnly))
    {
        success = load(&file);
        file.close();
    }
    else

Reported by FlawFinder.

src/ui/widgets/editors/w_ChainSha256Editor.cpp

1 issues

syntax error

Error

Line: 15

                  QvMessageBusConnect(ChainSha256Editor);
}

QvMessageBusSlotImpl(ChainSha256Editor)
{
    switch (msg)
    {
        MBShowDefaultImpl;
        MBHideDefaultImpl;

Reported by Cppcheck.

src/components/proxy/QvProxyConfigurator.cpp

1 issues

wcscpy - Does not check for buffer overflows when copying to destination [MS-banned]

Security

Line: 300 Column: 9 CWE codes: 120
Suggestion: Consider using a function version that stops copying at the end of the buffer

              
        LOG("Windows proxy string: " + __a);
        auto proxyStrW = new WCHAR[__a.length() + 1];
        wcscpy(proxyStrW, __a.toStdWString().c_str());
        //
        __QueryProxyOptions();

        if (!__SetProxyOptions(proxyStrW, false))
        {

Reported by FlawFinder.

Modal title

The following issues were found

src/core/kernel/V2RayKernelInteractions.cpp

2 issues

src/components/latency/TCPing.cpp

2 issues

src/components/latency/unix/ICMPPing.cpp

2 issues

src/plugins/utils/BuiltinUtils.hpp

1 issues

src/plugins/utils/core/EventHandler.cpp

1 issues

src/ui/common/speedchart/speedwidget.cpp

1 issues

src/components/geosite/QvGeositeReader.cpp

1 issues

src/ui/widgets/common/QJsonModel.cpp

1 issues

src/ui/widgets/editors/w_ChainSha256Editor.cpp

1 issues

src/components/proxy/QvProxyConfigurator.cpp

1 issues