The following issues were found
collectors/python.d.plugin/beanstalk/beanstalk.chart.py
18 issues
Line: 13
Column: 1
except ImportError:
BEANSTALKC = False
from bases.FrameworkServices.SimpleService import SimpleService
from bases.loaders import load_yaml
ORDER = [
'cpu_usage',
'jobs_rate',
Reported by Pylint.
Line: 14
Column: 1
BEANSTALKC = False
from bases.FrameworkServices.SimpleService import SimpleService
from bases.loaders import load_yaml
ORDER = [
'cpu_usage',
'jobs_rate',
'connections_rate',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: beanstalk netdata python.d module
# Author: ilyam8
# SPDX-License-Identifier: GPL-3.0-or-later
try:
import beanstalkc
BEANSTALKC = True
Reported by Pylint.
Line: 30
Column: 1
CHARTS = {
'cpu_usage': {
'options': [None, 'Cpu Usage', 'cpu time', 'server statistics', 'beanstalk.cpu_usage', 'area'],
'lines': [
['rusage-utime', 'user', 'incremental'],
['rusage-stime', 'system', 'incremental']
]
},
Reported by Pylint.
Line: 37
Column: 1
]
},
'jobs_rate': {
'options': [None, 'Jobs Rate', 'jobs/s', 'server statistics', 'beanstalk.jobs_rate', 'line'],
'lines': [
['total-jobs', 'total', 'incremental'],
['job-timeouts', 'timeouts', 'incremental']
]
},
Reported by Pylint.
Line: 44
Column: 1
]
},
'connections_rate': {
'options': [None, 'Connections Rate', 'connections/s', 'server statistics', 'beanstalk.connections_rate',
'area'],
'lines': [
['total-connections', 'connections', 'incremental']
]
},
Reported by Pylint.
Line: 51
Column: 1
]
},
'commands_rate': {
'options': [None, 'Commands Rate', 'commands/s', 'server statistics', 'beanstalk.commands_rate', 'stacked'],
'lines': [
['cmd-put', 'put', 'incremental'],
['cmd-peek', 'peek', 'incremental'],
['cmd-peek-ready', 'peek-ready', 'incremental'],
['cmd-peek-delayed', 'peek-delayed', 'incremental'],
Reported by Pylint.
Line: 76
Column: 1
]
},
'current_tubes': {
'options': [None, 'Current Tubes', 'tubes', 'server statistics', 'beanstalk.current_tubes', 'area'],
'lines': [
['current-tubes', 'tubes']
]
},
'current_jobs': {
Reported by Pylint.
Line: 82
Column: 1
]
},
'current_jobs': {
'options': [None, 'Current Jobs', 'jobs', 'server statistics', 'beanstalk.current_jobs', 'stacked'],
'lines': [
['current-jobs-urgent', 'urgent'],
['current-jobs-ready', 'ready'],
['current-jobs-reserved', 'reserved'],
['current-jobs-delayed', 'delayed'],
Reported by Pylint.
Line: 117
Column: 1
}
def tube_chart_template(name):
order = [
'{0}_jobs_rate'.format(name),
'{0}_jobs'.format(name),
'{0}_connections'.format(name),
'{0}_commands'.format(name),
Reported by Pylint.
backends/prometheus/backend_prometheus.c
18 issues
Line: 167
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *labels;
time_t now;
int host_header_printed;
char name[PROMETHEUS_VARIABLE_MAX+1];
};
static int print_host_variables(RRDVAR *rv, void *data) {
struct host_variables_callback_options *opts = data;
Reported by FlawFinder.
Line: 229
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static void rrd_stats_api_v1_charts_allmetrics_prometheus(RRDHOST *host, BUFFER *wb, const char *prefix, BACKEND_OPTIONS backend_options, time_t after, time_t before, int allhosts, BACKENDS_PROMETHEUS_OUTPUT_OPTIONS output_options) {
rrdhost_rdlock(host);
char hostname[PROMETHEUS_ELEMENT_MAX + 1];
backends_prometheus_label_copy(hostname, host->hostname, PROMETHEUS_ELEMENT_MAX);
char labels[PROMETHEUS_LABELS_MAX + 1] = "";
if(allhosts) {
if(output_options & BACKENDS_PROMETHEUS_OUTPUT_TIMESTAMPS)
Reported by FlawFinder.
Line: 232
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char hostname[PROMETHEUS_ELEMENT_MAX + 1];
backends_prometheus_label_copy(hostname, host->hostname, PROMETHEUS_ELEMENT_MAX);
char labels[PROMETHEUS_LABELS_MAX + 1] = "";
if(allhosts) {
if(output_options & BACKENDS_PROMETHEUS_OUTPUT_TIMESTAMPS)
buffer_sprintf(wb, "netdata_info{instance=\"%s\",application=\"%s\",version=\"%s\"} 1 %llu\n", hostname, host->program_name, host->program_version, now_realtime_usec() / USEC_PER_MS);
else
buffer_sprintf(wb, "netdata_info{instance=\"%s\",application=\"%s\",version=\"%s\"} 1\n", hostname, host->program_name, host->program_version);
Reported by FlawFinder.
Line: 297
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// for each chart
RRDSET *st;
rrdset_foreach_read(st, host) {
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
backends_prometheus_label_copy(chart, (output_options & BACKENDS_PROMETHEUS_OUTPUT_NAMES && st->name)?st->name:st->id, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 298
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RRDSET *st;
rrdset_foreach_read(st, host) {
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
backends_prometheus_label_copy(chart, (output_options & BACKENDS_PROMETHEUS_OUTPUT_NAMES && st->name)?st->name:st->id, PROMETHEUS_ELEMENT_MAX);
backends_prometheus_label_copy(family, st->family, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 299
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rrdset_foreach_read(st, host) {
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
backends_prometheus_label_copy(chart, (output_options & BACKENDS_PROMETHEUS_OUTPUT_NAMES && st->name)?st->name:st->id, PROMETHEUS_ELEMENT_MAX);
backends_prometheus_label_copy(family, st->family, PROMETHEUS_ELEMENT_MAX);
backends_prometheus_name_copy(context, st->context, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 300
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
backends_prometheus_label_copy(chart, (output_options & BACKENDS_PROMETHEUS_OUTPUT_NAMES && st->name)?st->name:st->id, PROMETHEUS_ELEMENT_MAX);
backends_prometheus_label_copy(family, st->family, PROMETHEUS_ELEMENT_MAX);
backends_prometheus_name_copy(context, st->context, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 336
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RRDDIM *rd;
rrddim_foreach_read(rd, st) {
if(rd->collections_counter && !rrddim_flag_check(rd, RRDDIM_FLAG_OBSOLETE)) {
char dimension[PROMETHEUS_ELEMENT_MAX + 1];
char *suffix = "";
if (as_collected) {
// we need as-collected / raw data
Reported by FlawFinder.
Line: 595
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
, size_t *count_dims
, size_t *count_dims_skipped
) {
char hostname[PROMETHEUS_ELEMENT_MAX + 1];
backends_prometheus_label_copy(hostname, __hostname, PROMETHEUS_ELEMENT_MAX);
backends_add_host_info("netdata_info", hostname, host->program_name, host->program_version, now_realtime_usec() / USEC_PER_MS);
if(host->tags && *(host->tags)) {
Reported by FlawFinder.
Line: 601
Column: 9
CWE codes:
119
120
Suggestion:
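Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below the size of `tags` is not the problem: `strncpy(tags, host->tags, PROMETHEUS_LABELS_MAX)` writes no terminating NUL when `host->tags` is PROMETHEUS_LABELS_MAX bytes or longer, and `tags` is not initialised, so `tags[PROMETHEUS_LABELS_MAX] = '\0'` should follow the copy before the buffer is split into words.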
backends_add_host_info("netdata_info", hostname, host->program_name, host->program_version, now_realtime_usec() / USEC_PER_MS);
if(host->tags && *(host->tags)) {
char tags[PROMETHEUS_LABELS_MAX + 1];
strncpy(tags, host->tags, PROMETHEUS_LABELS_MAX);
char *words[PROMETHEUS_LABELS_MAX_NUMBER] = {NULL};
int i;
remote_write_split_words(tags, words, PROMETHEUS_LABELS_MAX_NUMBER);
Reported by FlawFinder.
database/rrdhost.c
18 issues
Line: 1208
Column: 5
CWE codes:
120
Suggestion:
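Use sprintf_s, snprintf, or vsnprintf. In this excerpt the destination is allocated as strlen(netdata_configured_primary_plugins_dir) + strlen("get-kubernetes-labels.sh") + 2 bytes, which is exactly what "%s/%s" writes including the terminator, so the sprintf is bounded by construction; passing the same size to snprintf would state that bound at the call site.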
{
struct label *l=NULL;
char *label_script = mallocz(sizeof(char) * (strlen(netdata_configured_primary_plugins_dir) + strlen("get-kubernetes-labels.sh") + 2));
sprintf(label_script, "%s/%s", netdata_configured_primary_plugins_dir, "get-kubernetes-labels.sh");
if (unlikely(access(label_script, R_OK) != 0)) {
error("Kubernetes pod label fetching script %s not found.",label_script);
freez(label_script);
} else {
pid_t command_pid;
Reported by FlawFinder.
Line: 1209
Column: 18
CWE codes:
362/367!
Suggestion:
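Set up the correct permissions (e.g., using setuid()) and try to open the file directly. The concern is the gap between the access() check and the later use of label_script: the file can change in between, so the access() result is only a hint, and the error handling of the call that actually opens or runs the script is what should be relied on (that call is outside the excerpt).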
struct label *l=NULL;
char *label_script = mallocz(sizeof(char) * (strlen(netdata_configured_primary_plugins_dir) + strlen("get-kubernetes-labels.sh") + 2));
sprintf(label_script, "%s/%s", netdata_configured_primary_plugins_dir, "get-kubernetes-labels.sh");
if (unlikely(access(label_script, R_OK) != 0)) {
error("Kubernetes pod label fetching script %s not found.",label_script);
freez(label_script);
} else {
pid_t command_pid;
Reported by FlawFinder.
Line: 241
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
netdata_rwlock_init(&host->health_log.alarm_log_rwlock);
char filename[FILENAME_MAX + 1];
if(is_localhost) {
host->cache_dir = strdupz(netdata_configured_cache_dir);
host->varlib_dir = strdupz(netdata_configured_varlib_dir);
Reported by FlawFinder.
Line: 322
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (host->rrd_memory_mode == RRD_MEMORY_MODE_DBENGINE) {
#ifdef ENABLE_DBENGINE
char dbenginepath[FILENAME_MAX + 1];
int ret;
snprintfz(dbenginepath, FILENAME_MAX, "%s/dbengine", host->cache_dir);
ret = mkdir(dbenginepath, 0775);
if (ret != 0 && errno != EEXIST)
Reported by FlawFinder.
Line: 493
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rrdhost_flag_clear(host, RRDHOST_FLAG_ARCHIVED);
if(host->health_enabled) {
int r;
char filename[FILENAME_MAX + 1];
if (host != localhost) {
r = mkdir(host->varlib_dir, 0775);
if (r != 0 && errno != EEXIST)
error("Host '%s': cannot create directory '%s'", host->hostname, host->varlib_dir);
Reported by FlawFinder.
Line: 704
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
#ifdef ENABLE_DBENGINE
char dbenginepath[FILENAME_MAX + 1];
int ret;
snprintfz(dbenginepath, FILENAME_MAX, "%s/dbengine", localhost->cache_dir);
ret = mkdir(dbenginepath, 0775);
if (ret != 0 && errno != EEXIST)
error("Host '%s': cannot create directory '%s'", localhost->hostname, dbenginepath);
Reported by FlawFinder.
Line: 1084
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (*end) {
const char *start = end;
char key[CONFIG_MAX_VALUE + 1];
char value[CONFIG_MAX_VALUE + 1];
while (*end && *end != key_value_separator)
end++;
strncpyz(key, start, end - start);
Reported by FlawFinder.
Line: 1085
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
while (*end) {
const char *start = end;
char key[CONFIG_MAX_VALUE + 1];
char value[CONFIG_MAX_VALUE + 1];
while (*end && *end != key_value_separator)
end++;
strncpyz(key, start, end - start);
Reported by FlawFinder.
Line: 1112
Column: 5
CWE codes:
119
120
Suggestion:
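Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the lines shown, `strncpy(tags_buf, tags, CONFIG_MAX_VALUE)` leaves `tags_buf` unterminated when `tags` is CONFIG_MAX_VALUE bytes or longer, because the array is not initialised; setting `tags_buf[CONFIG_MAX_VALUE] = '\0'` after the copy closes that gap.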
struct label *parse_json_tags(struct label *label_list, const char *tags)
{
char tags_buf[CONFIG_MAX_VALUE + 1];
strncpy(tags_buf, tags, CONFIG_MAX_VALUE);
char *str = tags_buf;
switch (*str) {
case '{':
Reported by FlawFinder.
Line: 1132
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t i = 0;
while (str < end) {
char key[CONFIG_MAX_VALUE + 1];
snprintfz(key, CONFIG_MAX_VALUE, "host_tag%zu", i);
str = strip_double_quotes(trim(str), SKIP_ESCAPED_CHARACTERS);
label_list = add_label_to_list(label_list, key, str, LABEL_SOURCE_NETDATA_CONF);
Reported by FlawFinder.
collectors/proc.plugin/proc_stat.c
18 issues
Line: 722
Column: 76
CWE codes:
78
Suggestion:
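try using a library call that implements the same functionality if available. No call to system() appears in the excerpt; the only match is the variable `system` passed to rrddim_set_by_pointer(), so this looks like a name match rather than command execution (confirm against the full file).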
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_user, user);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_nice, nice);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_system, system);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_idle, idle);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_iowait, iowait);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_irq, irq);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_softirq, softirq);
rrddim_set_by_pointer(cpu_chart->st, cpu_chart->rd_steal, steal);
Reported by FlawFinder.
Line: 58
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int keep_cpuidle_fds_open = CONFIG_BOOLEAN_YES;
static int read_per_core_files(struct cpu_chart *all_cpu_charts, size_t len, size_t index) {
char buf[50 + 1];
size_t x, files_read = 0, files_nonzero = 0;
for(x = 0; x < len ; x++) {
struct per_core_single_number_file *f = &all_cpu_charts[x].files[index];
Reported by FlawFinder.
Line: 70
Column: 21
CWE codes:
362
continue;
if(unlikely(f->fd == -1)) {
f->fd = open(f->filename, O_RDONLY);
if (unlikely(f->fd == -1)) {
error("Cannot open file '%s'", f->filename);
continue;
}
}
Reported by FlawFinder.
Line: 372
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static int read_cpuidle_states(char *cpuidle_name_filename , char *cpuidle_time_filename, struct per_core_cpuidle_chart *cpuidle_charts, size_t core) {
char filename[FILENAME_MAX + 1];
static char next_state_filename[FILENAME_MAX + 1];
struct stat stbuf;
struct per_core_cpuidle_chart *cc = &cpuidle_charts[core];
size_t state;
Reported by FlawFinder.
Line: 373
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int read_cpuidle_states(char *cpuidle_name_filename , char *cpuidle_time_filename, struct per_core_cpuidle_chart *cpuidle_charts, size_t core) {
char filename[FILENAME_MAX + 1];
static char next_state_filename[FILENAME_MAX + 1];
struct stat stbuf;
struct per_core_cpuidle_chart *cc = &cpuidle_charts[core];
size_t state;
if(unlikely(!cc->cpuidle_state_len || cc->rescan_cpu_states)) {
Reported by FlawFinder.
Line: 411
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
cc->cpuidle_state = callocz(cc->cpuidle_state_len, sizeof(struct cpuidle_state));
for(state = 0; state < cc->cpuidle_state_len; state++) {
char name_buf[50 + 1];
snprintfz(filename, FILENAME_MAX, cpuidle_name_filename, core, state);
int fd = open(filename, O_RDONLY, 0666);
if(unlikely(fd == -1)) {
error("Cannot open file '%s'", filename);
Reported by FlawFinder.
Line: 414
Column: 22
CWE codes:
362
char name_buf[50 + 1];
snprintfz(filename, FILENAME_MAX, cpuidle_name_filename, core, state);
int fd = open(filename, O_RDONLY, 0666);
if(unlikely(fd == -1)) {
error("Cannot open file '%s'", filename);
cc->rescan_cpu_states = 1;
return 1;
}
Reported by FlawFinder.
Line: 446
Column: 27
CWE codes:
362
struct cpuidle_state *cs = &cc->cpuidle_state[state];
if(unlikely(cs->time_fd == -1)) {
cs->time_fd = open(cs->time_filename, O_RDONLY);
if (unlikely(cs->time_fd == -1)) {
error("Cannot open file '%s'", cs->time_filename);
cc->rescan_cpu_states = 1;
return 1;
}
Reported by FlawFinder.
Line: 454
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
}
char time_buf[50 + 1];
if(likely(read_one_state(time_buf, cs->time_filename, &cs->time_fd))) {
cs->value = str2ll(time_buf, NULL);
}
else {
cc->rescan_cpu_states = 1;
Reported by FlawFinder.
Line: 535
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
hash_procs_running = simple_hash("procs_running");
hash_procs_blocked = simple_hash("procs_blocked");
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/sys/devices/system/cpu/%s/thermal_throttle/core_throttle_count");
core_throttle_count_filename = config_get("plugin:proc:/proc/stat", "core_throttle_count filename to monitor", filename);
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/sys/devices/system/cpu/%s/thermal_throttle/package_throttle_count");
package_throttle_count_filename = config_get("plugin:proc:/proc/stat", "package_throttle_count filename to monitor", filename);
Reported by FlawFinder.
libnetdata/config/appconfig.c
18 issues
Line: 420
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
LONG_DOUBLE appconfig_get_float(struct config *root, const char *section, const char *name, LONG_DOUBLE value)
{
char buffer[100], *s;
sprintf(buffer, "%0.5" LONG_DOUBLE_MODIFIER, value);
s = appconfig_get(root, section, name, buffer);
if(!s) return value;
return str2ld(s, NULL);
Reported by FlawFinder.
Line: 546
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
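/*
 * Store a floating-point value under the given section and name, and return
 * the value unchanged.
 *
 * The value is rendered as text with five decimals and passed to
 * appconfig_set().
 */
LONG_DOUBLE appconfig_set_float(struct config *root, const char *section, const char *name, LONG_DOUBLE value)
{
    char buffer[100];

    // The format is a string literal concatenated with LONG_DOUBLE_MODIFIER at
    // compile time, so it is constant and cannot be influenced by input.
    //
    // A fixed-notation conversion prints every integer digit of the value, so a
    // very large magnitude could need more than sizeof(buffer) bytes. snprintf
    // truncates the text instead of writing past the end of the array.
    // NOTE(review): assumes LONG_DOUBLE_MODIFIER is an "f"-style conversion - confirm.
    snprintf(buffer, sizeof(buffer), "%0.5" LONG_DOUBLE_MODIFIER, value);

    appconfig_set(root, section, name, buffer);
    return value;
}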
Reported by FlawFinder.
Line: 408
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long long appconfig_get_number(struct config *root, const char *section, const char *name, long long value)
{
char buffer[100], *s;
sprintf(buffer, "%lld", value);
s = appconfig_get(root, section, name, buffer);
if(!s) return value;
Reported by FlawFinder.
Line: 409
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
long long appconfig_get_number(struct config *root, const char *section, const char *name, long long value)
{
char buffer[100], *s;
sprintf(buffer, "%lld", value);
s = appconfig_get(root, section, name, buffer);
if(!s) return value;
return strtoll(s, NULL, 0);
Reported by FlawFinder.
Line: 419
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LONG_DOUBLE appconfig_get_float(struct config *root, const char *section, const char *name, LONG_DOUBLE value)
{
char buffer[100], *s;
sprintf(buffer, "%0.5" LONG_DOUBLE_MODIFIER, value);
s = appconfig_get(root, section, name, buffer);
if(!s) return value;
Reported by FlawFinder.
Line: 535
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
long long appconfig_set_number(struct config *root, const char *section, const char *name, long long value)
{
char buffer[100];
sprintf(buffer, "%lld", value);
appconfig_set(root, section, name, buffer);
return value;
Reported by FlawFinder.
Line: 536
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
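/*
 * Store an integer value under the given section and name, and return the
 * value unchanged.
 *
 * The value is rendered as decimal text and passed to appconfig_set().
 */
long long appconfig_set_number(struct config *root, const char *section, const char *name, long long value)
{
    char buffer[100];

    // A 64-bit long long prints as at most 20 characters (sign + 19 digits)
    // plus the terminator, so 100 bytes is ample. Passing sizeof(buffer) ties
    // the write to the declaration, so a later change to the buffer or the
    // format cannot silently turn into an overflow.
    snprintf(buffer, sizeof(buffer), "%lld", value);

    appconfig_set(root, section, name, buffer);
    return value;
}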
Reported by FlawFinder.
Line: 545
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
LONG_DOUBLE appconfig_set_float(struct config *root, const char *section, const char *name, LONG_DOUBLE value)
{
char buffer[100];
sprintf(buffer, "%0.5" LONG_DOUBLE_MODIFIER, value);
appconfig_set(root, section, name, buffer);
return value;
Reported by FlawFinder.
Line: 595
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct section *co = NULL;
int is_exporter_config = 0;
int _backends = 0; // number of backend sections we have
char working_instance[CONFIG_MAX_NAME + 1];
char working_connector[CONFIG_MAX_NAME + 1];
struct section *working_connector_section = NULL;
int global_exporting_section = 0;
char buffer[CONFIG_FILE_LINE_MAX + 1], *s;
Reported by FlawFinder.
Line: 596
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int is_exporter_config = 0;
int _backends = 0; // number of backend sections we have
char working_instance[CONFIG_MAX_NAME + 1];
char working_connector[CONFIG_MAX_NAME + 1];
struct section *working_connector_section = NULL;
int global_exporting_section = 0;
char buffer[CONFIG_FILE_LINE_MAX + 1], *s;
Reported by FlawFinder.
libnetdata/json/json.c
18 issues
Line: 414
Column: 21
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
ne.name[len] = '\0';
len=strlen(e->fullname) + strlen(e->fullname[0]?".":"") + strlen(ne.name);
char *c = mallocz((len+1)*sizeof(char));
sprintf(c,"%s%s%s", e->fullname, e->fullname[0]?".":"", ne.name);
if (unlikely(len>JSON_FULLNAME_LEN)) len=JSON_FULLNAME_LEN;
strncpy(ne.fullname, c, len);
freez(c);
start++;
key = 0;
Reported by FlawFinder.
Line: 96
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BUFFER *wb=buffer_create(300);
buffer_sprintf(wb,"%s = ", e->name);
char txt[50];
switch(e->type) {
case JSON_OBJECT:
e->callback_function = json_callback_print;
buffer_strcat(wb,"OBJECT");
break;
Reported by FlawFinder.
Line: 105
Column: 13
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
case JSON_ARRAY:
e->callback_function = json_callback_print;
sprintf(txt,"ARRAY[%lu]", e->data.items);
buffer_strcat(wb, txt);
break;
case JSON_STRING:
buffer_strcat(wb, e->data.string);
Reported by FlawFinder.
Line: 114
Column: 13
CWE codes:
120
Suggestion:
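Use sprintf_s, snprintf, or vsnprintf. `%Lf` prints every integer digit of the value, so a large-magnitude `e->data.number` can need more than the 50 bytes of `txt` (declared as `char txt[50]` in the Line 96 excerpt); `snprintf(txt, sizeof(txt), "%Lf", e->data.number)` keeps the write inside the array.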
break;
case JSON_NUMBER:
sprintf(txt,"%Lf", e->data.number);
buffer_strcat(wb,txt);
break;
case JSON_BOOLEAN:
Reported by FlawFinder.
Line: 144
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(len > JSON_NAME_LEN)
len = JSON_NAME_LEN;
e->type = JSON_STRING;
memcpy(e->name,key,len);
e->name[len] = 0x00;
e->data.string = (char *) value;
}
Reported by FlawFinder.
Line: 169
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if(len > JSON_NAME_LEN)
len = JSON_NAME_LEN;
e->type = JSON_NUMBER;
memcpy(e->name, key, len);
e->name[len] = 0;
e->data.number = value;
}
/**
Reported by FlawFinder.
Line: 311
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
js[t[start].end] = '\0';
ne.original_string = &js[t[start].start];
memcpy(&ne, e, sizeof(JSON_ENTRY));
ne.type = JSON_ARRAY;
ne.data.items = t[start].size;
ne.callback_function = e->callback_function;
ne.name[0]='\0';
ne.fullname[0]='\0';
Reported by FlawFinder.
Line: 378
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
char old = js[t[start].end];
js[t[start].end] = '\0';
ne.original_string = &js[t[start].start];
memcpy(&ne, e, sizeof(JSON_ENTRY));
ne.type = JSON_OBJECT;
ne.callback_function = e->callback_function;
if(e->callback_function) e->callback_function(&ne);
js[t[start].end] = old;
Reported by FlawFinder.
Line: 140
Column: 18
CWE codes:
126
* @param e the output structure
*/
static inline void json_jsonc_set_string(JSON_ENTRY *e,char *key,const char *value) {
size_t len = strlen(key);
if(len > JSON_NAME_LEN)
len = JSON_NAME_LEN;
e->type = JSON_STRING;
memcpy(e->name,key,len);
e->name[len] = 0x00;
Reported by FlawFinder.
Line: 165
Column: 18
CWE codes:
126
}
static inline void json_jsonc_set_integer(JSON_ENTRY *e, char *key, int64_t value) {
size_t len = strlen(key);
if(len > JSON_NAME_LEN)
len = JSON_NAME_LEN;
e->type = JSON_NUMBER;
memcpy(e->name, key, len);
e->name[len] = 0;
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/pyyaml3/nodes.py
17 issues
Line: 28
Column: 5
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 37
Column: 5
self.style = style
class CollectionNode(Node):
def __init__(self, tag, value,
start_mark=None, end_mark=None, flow_style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 26
Column: 1
value = repr(value)
return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
Reported by Pylint.
Line: 26
Column: 1
value = repr(value)
return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
Reported by Pylint.
Line: 28
Column: 5
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 36
Column: 1
self.end_mark = end_mark
self.style = style
class CollectionNode(Node):
def __init__(self, tag, value,
start_mark=None, end_mark=None, flow_style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
Reported by Pylint.
collectors/python.d.plugin/python_modules/bases/FrameworkServices/UrlService.py
17 issues
Line: 11
Column: 1
from distutils.version import StrictVersion as version
from bases.FrameworkServices.SimpleService import SimpleService
try:
urllib3.disable_warnings()
except AttributeError:
pass
Reported by Pylint.
Line: 124
Column: 16
"""
try:
response = self._do_request(url, manager, **kwargs)
except Exception as error:
self.error('Url: {url}. Error: {error}'.format(url=url or self.url, error=error))
return None
if response.status == 200:
if isinstance(response.data, str):
Reported by Pylint.
Line: 187
Column: 16
try:
data = self._get_data()
except Exception as error:
self.error('_get_data() failed. Url: {url}. Error: {error}'.format(url=self.url, error=error))
return False
if isinstance(data, dict) and data:
return True
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description:
# Author: Pawel Krupa (paulfantom)
# Author: Ilya Mashchenko (ilyam8)
# SPDX-License-Identifier: GPL-3.0-or-later
import urllib3
from distutils.version import StrictVersion as version
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description:
# Author: Pawel Krupa (paulfantom)
# Author: Ilya Mashchenko (ilyam8)
# SPDX-License-Identifier: GPL-3.0-or-later
import urllib3
from distutils.version import StrictVersion as version
Reported by Pylint.
Line: 9
Column: 1
import urllib3
from distutils.version import StrictVersion as version
from bases.FrameworkServices.SimpleService import SimpleService
try:
urllib3.disable_warnings()
Reported by Pylint.
Line: 19
Column: 1
pass
# https://github.com/urllib3/urllib3/blob/master/CHANGES.rst#19-2014-07-04
# New retry logic and urllib3.util.retry.Retry configuration object. (Issue https://github.com/urllib3/urllib3/pull/326)
URLLIB3_MIN_REQUIRED_VERSION = '1.9'
URLLIB3_VERSION = urllib3.__version__
URLLIB3 = 'urllib3'
Reported by Pylint.
Line: 25
Column: 1
URLLIB3 = 'urllib3'
def version_check():
if version(URLLIB3_VERSION) >= version(URLLIB3_MIN_REQUIRED_VERSION):
return
err = '{0} version: {1}, minimum required version: {2}, please upgrade'.format(
URLLIB3,
Reported by Pylint.
Line: 37
Column: 1
raise Exception(err)
class UrlService(SimpleService):
def __init__(self, configuration=None, name=None):
version_check()
SimpleService.__init__(self, configuration=configuration, name=name)
self.debug("{0} version: {1}".format(URLLIB3, URLLIB3_VERSION))
self.url = self.configuration.get('url')
Reported by Pylint.
Line: 37
Column: 1
raise Exception(err)
class UrlService(SimpleService):
def __init__(self, configuration=None, name=None):
version_check()
SimpleService.__init__(self, configuration=configuration, name=name)
self.debug("{0} version: {1}".format(URLLIB3, URLLIB3_VERSION))
self.url = self.configuration.get('url')
Reported by Pylint.
collectors/ebpf.plugin/ebpf_disk.c
17 issues
Line: 68
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static inline int ebpf_disk_parse_start(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
Reported by FlawFinder.
Line: 69
Column: 14
CWE codes:
362
static inline int ebpf_disk_parse_start(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
ssize_t file_length = read(fd, content, 4095);
Reported by FlawFinder.
Line: 99
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static inline int ebpf_parse_uevent(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
Reported by FlawFinder.
Line: 100
Column: 14
CWE codes:
362
static inline int ebpf_parse_uevent(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
ssize_t file_length = read(fd, content, FILENAME_MAX);
Reported by FlawFinder.
Line: 134
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
*/
static inline int ebpf_parse_size(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
Reported by FlawFinder.
Line: 135
Column: 14
CWE codes:
362
static inline int ebpf_parse_size(netdata_ebpf_disks_t *w, char *filename)
{
char content[FILENAME_MAX + 1];
int fd = open(filename, O_RDONLY, 0);
if (fd < 0) {
return -1;
}
ssize_t file_length = read(fd, content, FILENAME_MAX);
Reported by FlawFinder.
Line: 166
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static netdata_ebpf_disks_t *main_disk = NULL;
static uint32_t key = 0;
char *path = { "/sys/block" };
char disk[NETDATA_DISK_NAME_LEN + 1];
char filename[FILENAME_MAX + 1];
snprintfz(disk, NETDATA_DISK_NAME_LEN, "%s", name);
size_t length = strlen(disk);
if (!length) {
return;
Reported by FlawFinder.
Line: 167
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static uint32_t key = 0;
char *path = { "/sys/block" };
char disk[NETDATA_DISK_NAME_LEN + 1];
char filename[FILENAME_MAX + 1];
snprintfz(disk, NETDATA_DISK_NAME_LEN, "%s", name);
size_t length = strlen(disk);
if (!length) {
return;
}
Reported by FlawFinder.
Line: 280
Column: 9
CWE codes:
120
Suggestion:
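Make sure destination can always hold the source data. In this excerpt the copy is capped at NETDATA_DISK_NAME_LEN bytes and a terminator is then written at w->family[length], so family must be at least NETDATA_DISK_NAME_LEN + 1 bytes; its declaration is not shown here and should be checked.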
if (length >= NETDATA_DISK_NAME_LEN)
length = NETDATA_DISK_NAME_LEN;
memcpy(w->family, name, length);
w->family[length] = '\0';
w->major = major;
w->minor = minor;
w->dev = netdata_new_encode_dev(major, minor);
update_next->next = w;
Reported by FlawFinder.
Line: 292
Column: 9
CWE codes:
120
Suggestion:
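Make sure destination can always hold the source data. As written, up to NETDATA_DISK_NAME_LEN bytes are copied and disk_list->family[length] is then set to NUL, so the check to make is that family is declared with at least NETDATA_DISK_NAME_LEN + 1 bytes (the declaration is outside this excerpt).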
if (length >= NETDATA_DISK_NAME_LEN)
length = NETDATA_DISK_NAME_LEN;
memcpy(disk_list->family, name, length);
disk_list->family[length] = '\0';
disk_list->major = major;
disk_list->minor = minor;
disk_list->dev = netdata_new_encode_dev(major, minor);
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/pyyaml2/nodes.py
17 issues
Line: 28
Column: 5
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 37
Column: 5
self.style = style
class CollectionNode(Node):
def __init__(self, tag, value,
start_mark=None, end_mark=None, flow_style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
class Node(object):
def __init__(self, tag, value, start_mark, end_mark):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
def __repr__(self):
Reported by Pylint.
Line: 26
Column: 1
value = repr(value)
return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
Reported by Pylint.
Line: 26
Column: 1
value = repr(value)
return '%s(tag=%r, value=%s)' % (self.__class__.__name__, self.tag, value)
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
Reported by Pylint.
Line: 28
Column: 5
class ScalarNode(Node):
id = 'scalar'
def __init__(self, tag, value,
start_mark=None, end_mark=None, style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
self.end_mark = end_mark
Reported by Pylint.
Line: 36
Column: 1
self.end_mark = end_mark
self.style = style
class CollectionNode(Node):
def __init__(self, tag, value,
start_mark=None, end_mark=None, flow_style=None):
self.tag = tag
self.value = value
self.start_mark = start_mark
Reported by Pylint.