The following issues were found
web/server/web_client.h
11 issues
Line: 156
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ifd;
int ofd;
char client_ip[INET6_ADDRSTRLEN]; // Defined buffer sizes include null-terminators
char client_port[NI_MAXSERV];
char server_host[NI_MAXHOST];
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
Reported by FlawFinder.
Line: 157
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int ofd;
char client_ip[INET6_ADDRSTRLEN]; // Defined buffer sizes include null-terminators
char client_port[NI_MAXSERV];
char server_host[NI_MAXHOST];
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
Reported by FlawFinder.
Line: 158
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char client_ip[INET6_ADDRSTRLEN]; // Defined buffer sizes include null-terminators
char client_port[NI_MAXSERV];
char server_host[NI_MAXHOST];
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
Reported by FlawFinder.
Line: 159
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char client_ip[INET6_ADDRSTRLEN]; // Defined buffer sizes include null-terminators
char client_port[NI_MAXSERV];
char server_host[NI_MAXHOST];
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
char last_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we keep a copy of the decoded URL here
Reported by FlawFinder.
Line: 160
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char client_port[NI_MAXSERV];
char server_host[NI_MAXHOST];
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
char last_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we keep a copy of the decoded URL here
size_t url_path_length;
Reported by FlawFinder.
Line: 162
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char client_host[NI_MAXHOST];
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
char last_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we keep a copy of the decoded URL here
size_t url_path_length;
char separator; // This value can be either '?' or 'f'
char *url_search_path; //A pointer to the search path sent by the client
Reported by FlawFinder.
Line: 163
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char forwarded_host[NI_MAXHOST]; //Used with proxy
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
char last_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we keep a copy of the decoded URL here
size_t url_path_length;
char separator; // This value can be either '?' or 'f'
char *url_search_path; //A pointer to the search path sent by the client
Reported by FlawFinder.
Line: 164
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char decoded_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the URL in this buffer
char decoded_query_string[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we decode the Query String in this buffer
char last_url[NETDATA_WEB_REQUEST_URL_SIZE + 1]; // we keep a copy of the decoded URL here
size_t url_path_length;
char separator; // This value can be either '?' or 'f'
char *url_search_path; //A pointer to the search path sent by the client
struct timeval tv_in, tv_ready;
Reported by FlawFinder.
Line: 171
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timeval tv_in, tv_ready;
char cookie1[NETDATA_WEB_REQUEST_COOKIE_SIZE + 1];
char cookie2[NETDATA_WEB_REQUEST_COOKIE_SIZE + 1];
char origin[NETDATA_WEB_REQUEST_ORIGIN_HEADER_SIZE + 1];
char *user_agent;
struct response response;
Reported by FlawFinder.
Line: 172
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct timeval tv_in, tv_ready;
char cookie1[NETDATA_WEB_REQUEST_COOKIE_SIZE + 1];
char cookie2[NETDATA_WEB_REQUEST_COOKIE_SIZE + 1];
char origin[NETDATA_WEB_REQUEST_ORIGIN_HEADER_SIZE + 1];
char *user_agent;
struct response response;
Reported by FlawFinder.
collectors/python.d.plugin/dovecot/dovecot.chart.py
10 issues
Line: 6
Column: 1
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SocketService import SocketService
UNIX_SOCKET = '/var/run/dovecot/stats'
ORDER = [
'sessions',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: dovecot netdata python.d module
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SocketService import SocketService
UNIX_SOCKET = '/var/run/dovecot/stats'
Reported by Pylint.
Line: 27
Column: 1
CHARTS = {
'sessions': {
'options': [None, 'Dovecot Active Sessions', 'number', 'sessions', 'dovecot.sessions', 'line'],
'lines': [
['num_connected_sessions', 'active sessions', 'absolute']
]
},
'logins': {
Reported by Pylint.
Line: 52
Column: 1
]
},
'context_switches': {
'options': [None, 'Dovecot Context Switches', 'switches', 'context switches', 'dovecot.context_switches',
'line'],
'lines': [
['vol_cs', 'voluntary', 'absolute'],
['invol_cs', 'involuntary', 'absolute']
]
Reported by Pylint.
Line: 67
Column: 1
]
},
'net': {
'options': [None, 'Dovecot Network Bandwidth', 'kilobits/s', 'network', 'dovecot.net', 'area'],
'lines': [
['read_bytes', 'read', 'incremental', 8, 1000],
['write_bytes', 'write', 'incremental', -8, 1000]
]
},
Reported by Pylint.
Line: 74
Column: 1
]
},
'syscalls': {
'options': [None, 'Dovecot Number of SysCalls', 'syscalls/s', 'system', 'dovecot.syscalls', 'line'],
'lines': [
['read_count', 'read', 'incremental'],
['write_count', 'write', 'incremental']
]
},
Reported by Pylint.
Line: 94
Column: 1
]
},
'auth': {
'options': [None, 'Dovecot Authentications', 'attempts', 'logins', 'dovecot.auth', 'stacked'],
'lines': [
['auth_successes', 'ok', 'absolute'],
['auth_failures', 'failed', 'absolute']
]
},
Reported by Pylint.
Line: 101
Column: 1
]
},
'auth_cache': {
'options': [None, 'Dovecot Authentication Cache', 'number', 'cache', 'dovecot.auth_cache', 'stacked'],
'lines': [
['auth_cache_hits', 'hit', 'absolute'],
['auth_cache_misses', 'miss', 'absolute']
]
}
Reported by Pylint.
Line: 110
Column: 1
}
class Service(SocketService):
def __init__(self, configuration=None, name=None):
SocketService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.host = None # localhost
Reported by Pylint.
Line: 110
Column: 1
}
class Service(SocketService):
def __init__(self, configuration=None, name=None):
SocketService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.host = None # localhost
Reported by Pylint.
backends/opentsdb/opentsdb.c
10 issues
Line: 24
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)after;
(void)before;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
buffer_sprintf(
Reported by FlawFinder.
Line: 25
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)before;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
buffer_sprintf(
b
Reported by FlawFinder.
Line: 61
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
time_t first_t = after, last_t = before;
calculated_number value = backend_calculate_value_from_stored_data(st, rd, after, before, backend_options, &first_t, &last_t);
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
if(!isnan(value)) {
Reported by FlawFinder.
Line: 62
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
calculated_number value = backend_calculate_value_from_stored_data(st, rd, after, before, backend_options, &first_t, &last_t);
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
if(!isnan(value)) {
Reported by FlawFinder.
Line: 121
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)after;
(void)before;
char message[1024];
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)before;
char message[1024];
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
int length = snprintfz(message
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char message[1024];
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
int length = snprintfz(message
, sizeof(message)
Reported by FlawFinder.
Line: 171
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
calculated_number value = backend_calculate_value_from_stored_data(st, rd, after, before, backend_options, &first_t, &last_t);
if(!isnan(value)) {
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
char message[1024];
Reported by FlawFinder.
Line: 172
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(!isnan(value)) {
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
char message[1024];
int length = snprintfz(message
Reported by FlawFinder.
Line: 176
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
char message[1024];
int length = snprintfz(message
, sizeof(message)
, "{"
" \"metric\": \"%s.%s.%s\","
" \"timestamp\": %llu,"
Reported by FlawFinder.
aclk/aclk_otp.c
10 issues
Line: 497
Column: 5
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
debug(D_ACLK, "Encoded len=%zu Decryption len=%d: '%s'", encoded_len, decrypted_length, encoded);
char response_json[4096]={};
sprintf(response_json, "{\"response\":\"%s\"}", encoded);
debug(D_ACLK, "Password phase: %s",response_json);
https_req_response_free(&resp);
https_req_response_init(&resp);
Reported by FlawFinder.
Line: 51
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Size errors (i.e. invalid input size or insufficient output space) are caught.
static size_t base64_decode(unsigned char *input, size_t input_size, unsigned char *output, size_t output_size)
{
static char lookup[256];
static int first_time=1;
if (first_time)
{
first_time = 0;
for(int i=0; i<256; i++)
Reported by FlawFinder.
Line: 169
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int result = RSA_private_decrypt( data_len, enc_data, decrypted, p_key, RSA_PKCS1_OAEP_PADDING);
if (result == -1) {
char err[512];
ERR_error_string_n(ERR_get_error(), err, sizeof(err));
error("Decryption of the challenge failed: %s", err);
}
return result;
}
Reported by FlawFinder.
Line: 485
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Decrypt the Challenge and Calculate Response
size_t challenge_len = strlen(challenge.result);
unsigned char decoded[512];
size_t decoded_len = base64_decode((unsigned char*)challenge.result, challenge_len, decoded, sizeof(decoded));
freez(challenge.result);
unsigned char plaintext[4096]={};
int decrypted_length = private_decrypt(p_key, decoded, decoded_len, plaintext);
Reported by FlawFinder.
Line: 489
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t decoded_len = base64_decode((unsigned char*)challenge.result, challenge_len, decoded, sizeof(decoded));
freez(challenge.result);
unsigned char plaintext[4096]={};
int decrypted_length = private_decrypt(p_key, decoded, decoded_len, plaintext);
char encoded[512];
size_t encoded_len = base64_encode(plaintext, decrypted_length, encoded, sizeof(encoded));
encoded[encoded_len] = 0;
debug(D_ACLK, "Encoded len=%zu Decryption len=%d: '%s'", encoded_len, decrypted_length, encoded);
Reported by FlawFinder.
Line: 491
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned char plaintext[4096]={};
int decrypted_length = private_decrypt(p_key, decoded, decoded_len, plaintext);
char encoded[512];
size_t encoded_len = base64_encode(plaintext, decrypted_length, encoded, sizeof(encoded));
encoded[encoded_len] = 0;
debug(D_ACLK, "Encoded len=%zu Decryption len=%d: '%s'", encoded_len, decrypted_length, encoded);
char response_json[4096]={};
Reported by FlawFinder.
Line: 496
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
encoded[encoded_len] = 0;
debug(D_ACLK, "Encoded len=%zu Decryption len=%d: '%s'", encoded_len, decrypted_length, encoded);
char response_json[4096]={};
sprintf(response_json, "{\"response\":\"%s\"}", encoded);
debug(D_ACLK, "Password phase: %s",response_json);
https_req_response_free(&resp);
https_req_response_init(&resp);
Reported by FlawFinder.
Line: 440
Column: 33
CWE codes:
126
// TODO this fnc will be rewritten and simplified in following PRs
// still carries lot of baggage from ACLK Legacy
int rc = 1;
BUFFER *url = buffer_create(strlen(OTP_URL_PREFIX) + UUID_STR_LEN + 20);
https_req_t req = HTTPS_REQ_T_INITIALIZER;
https_req_response_t resp = HTTPS_REQ_RESPONSE_T_INITIALIZER;
char *agent_id = is_agent_claimed();
Reported by FlawFinder.
Line: 484
Column: 28
CWE codes:
126
}
// Decrypt the Challenge and Calculate Response
size_t challenge_len = strlen(challenge.result);
unsigned char decoded[512];
size_t decoded_len = base64_decode((unsigned char*)challenge.result, challenge_len, decoded, sizeof(decoded));
freez(challenge.result);
unsigned char plaintext[4096]={};
Reported by FlawFinder.
Line: 509
Column: 24
CWE codes:
126
buffer_sprintf(url, "%s/node/%s/password", target->path, agent_id);
req.url = url->buffer;
req.payload = response_json;
req.payload_size = strlen(response_json);
if (aclk_https_request(&req, &resp)) {
error ("ACLK_OTP Password error trying to post result to password");
goto cleanup;
}
Reported by FlawFinder.
collectors/proc.plugin/sys_class_power_supply.c
10 issues
Line: 129
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
keep_fds_open_config = config_get_boolean_ondemand("plugin:proc:/sys/class/power_supply", "keep files open", CONFIG_BOOLEAN_AUTO);
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/sys/class/power_supply");
dirname = config_get("plugin:proc:/sys/class/power_supply", "directory to monitor", filename);
}
DIR *dir = opendir(dirname);
Reported by FlawFinder.
Line: 171
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct stat stbuf;
if(likely(do_capacity != CONFIG_BOOLEAN_NO)) {
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s/%s/%s", dirname, de->d_name, "capacity");
if (stat(filename, &stbuf) == 0) {
ps->capacity = callocz(sizeof(struct capacity), 1);
ps->capacity->filename = strdupz(filename);
ps->capacity->fd = -1;
Reported by FlawFinder.
Line: 193
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(pd_idx = pr_idx * 5; pd_idx < pr_idx * 5 + 5; pd_idx++) {
// check if file exists
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s/%s/%s_%s", dirname, de->d_name,
ps_property_names[pr_idx], ps_property_dim_names[pd_idx]);
if (stat(filename, &stbuf) == 0) {
if(unlikely(pd_idx == pr_idx * 5 + 1))
Reported by FlawFinder.
Line: 241
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// read capacity file
if(likely(ps->capacity)) {
char buffer[30 + 1];
if(unlikely(ps->capacity->fd == -1)) {
ps->capacity->fd = open(ps->capacity->filename, O_RDONLY, 0666);
if(unlikely(ps->capacity->fd == -1)) {
error("Cannot open file '%s'", ps->capacity->filename);
Reported by FlawFinder.
Line: 244
Column: 40
CWE codes:
362
char buffer[30 + 1];
if(unlikely(ps->capacity->fd == -1)) {
ps->capacity->fd = open(ps->capacity->filename, O_RDONLY, 0666);
if(unlikely(ps->capacity->fd == -1)) {
error("Cannot open file '%s'", ps->capacity->filename);
power_supply_free(ps);
ps = NULL;
}
Reported by FlawFinder.
Line: 286
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ps_property_dim *pd;
for(pd = pr->property_dim_root; pd; pd = pd->next) {
if(likely(!pd->always_zero)) {
char buffer[30 + 1];
if(unlikely(pd->fd == -1)) {
pd->fd = open(pd->filename, O_RDONLY, 0666);
if(unlikely(pd->fd == -1)) {
error("Cannot open file '%s'", pd->filename);
Reported by FlawFinder.
Line: 289
Column: 42
CWE codes:
362
char buffer[30 + 1];
if(unlikely(pd->fd == -1)) {
pd->fd = open(pd->filename, O_RDONLY, 0666);
if(unlikely(pd->fd == -1)) {
error("Cannot open file '%s'", pd->filename);
read_error = 1;
power_supply_free(ps);
break;
Reported by FlawFinder.
Line: 374
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct ps_property *pr;
for(pr = ps->property_root; pr; pr = pr->next) {
if(unlikely(!pr->st)) {
char id[RRD_ID_LENGTH_MAX + 1], context[RRD_ID_LENGTH_MAX + 1];
snprintfz(id, RRD_ID_LENGTH_MAX, "powersupply_%s", pr->name);
snprintfz(context, RRD_ID_LENGTH_MAX, "powersupply.%s", pr->name);
pr->st = rrdset_create_localhost(
id
Reported by FlawFinder.
Line: 254
Column: 33
CWE codes:
120
20
if (ps)
{
ssize_t r = read(ps->capacity->fd, buffer, 30);
if(unlikely(r < 1)) {
error("Cannot read file '%s'", ps->capacity->filename);
power_supply_free(ps);
ps = NULL;
}
Reported by FlawFinder.
Line: 298
Column: 41
CWE codes:
120
20
}
}
ssize_t r = read(pd->fd, buffer, 30);
if(unlikely(r < 1)) {
error("Cannot read file '%s'", pd->filename);
read_error = 1;
power_supply_free(ps);
break;
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/pyyaml3/error.py
10 issues
Line: 51
Column: 5
class MarkedYAMLError(YAMLError):
def __init__(self, context=None, context_mark=None,
problem=None, problem_mark=None, note=None):
self.context = context
self.context_mark = context_mark
self.problem = problem
self.problem_mark = problem_mark
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: MIT
__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
class Mark:
def __init__(self, name, index, line, column, buffer, pointer):
self.name = name
self.index = index
Reported by Pylint.
Line: 5
Column: 1
__all__ = ['Mark', 'YAMLError', 'MarkedYAMLError']
class Mark:
def __init__(self, name, index, line, column, buffer, pointer):
self.name = name
self.index = index
self.line = line
Reported by Pylint.
Line: 7
Column: 5
class Mark:
def __init__(self, name, index, line, column, buffer, pointer):
self.name = name
self.index = index
self.line = line
self.column = column
self.buffer = buffer
Reported by Pylint.
Line: 15
Column: 5
self.buffer = buffer
self.pointer = pointer
def get_snippet(self, indent=4, max_length=75):
if self.buffer is None:
return None
head = ''
start = self.pointer
while start > 0 and self.buffer[start-1] not in '\0\r\n\x85\u2028\u2029':
Reported by Pylint.
Line: 46
Column: 1
where += ":\n"+snippet
return where
class YAMLError(Exception):
pass
class MarkedYAMLError(YAMLError):
def __init__(self, context=None, context_mark=None,
Reported by Pylint.
Line: 49
Column: 1
class YAMLError(Exception):
pass
class MarkedYAMLError(YAMLError):
def __init__(self, context=None, context_mark=None,
problem=None, problem_mark=None, note=None):
self.context = context
self.context_mark = context_mark
Reported by Pylint.
Line: 51
Column: 5
class MarkedYAMLError(YAMLError):
def __init__(self, context=None, context_mark=None,
problem=None, problem_mark=None, note=None):
self.context = context
self.context_mark = context_mark
self.problem = problem
self.problem_mark = problem_mark
Reported by Pylint.
Line: 63
Column: 12
lines = []
if self.context is not None:
lines.append(self.context)
if self.context_mark is not None \
and (self.problem is None or self.problem_mark is None
or self.context_mark.name != self.problem_mark.name
or self.context_mark.line != self.problem_mark.line
or self.context_mark.column != self.problem_mark.column):
lines.append(str(self.context_mark))
Reported by Pylint.
Line: 76
Column: 1
if self.note is not None:
lines.append(self.note)
return '\n'.join(lines)
Reported by Pylint.
aclk/aclk_query.c
10 issues
Line: 62
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
int res;
uuid_t node_id_bin, host_id_bin;
char host_id[UUID_STR_LEN];
if (uuid_parse(node_id, node_id_bin)) {
error("Couldn't parse UUID %s", node_id);
return NULL;
}
if ((res = get_host_id(&node_id_bin, &host_id_bin))) {
Reported by FlawFinder.
Line: 103
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!strncmp(query->data.http_api_v2.query, NODE_ID_QUERY, strlen(NODE_ID_QUERY))) {
char *node_uuid = query->data.http_api_v2.query + strlen(NODE_ID_QUERY);
char nodeid[UUID_STR_LEN];
if (strlen(node_uuid) < (UUID_STR_LEN - 1)) {
error("URL requests node_id but there is not enough chars following");
retval = 1;
goto cleanup;
}
Reported by FlawFinder.
Line: 178
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
int bytes_to_cpy = NETDATA_WEB_RESPONSE_ZLIB_CHUNK_SIZE - w->response.zstream.avail_out;
buffer_need_bytes(z_buffer, bytes_to_cpy);
memcpy(&z_buffer->buffer[z_buffer->len], w->response.zbuffer, bytes_to_cpy);
z_buffer->len += bytes_to_cpy;
} while(z_ret != Z_STREAM_END);
// so that web_client_build_http_header
// puts correct content lenght into header
buffer_free(w->response.data);
Reported by FlawFinder.
Line: 200
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef NETDATA_WITH_ZLIB
if (w->response.zinitialized) {
buffer_need_bytes(local_buffer, w->response.data->len);
memcpy(&local_buffer->buffer[local_buffer->len], w->response.data->buffer, w->response.data->len);
local_buffer->len += w->response.data->len;
sent = sent - size + w->response.data->len;
} else {
#endif
buffer_strcat(local_buffer, w->response.data->buffer);
Reported by FlawFinder.
Line: 353
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
info("Starting %d query threads.", query_threads->count);
char thread_name[TASK_LEN_MAX];
query_threads->thread_list = callocz(query_threads->count, sizeof(struct aclk_query_thread));
for (int i = 0; i < query_threads->count; i++) {
query_threads->thread_list[i].idx = i; //thread needs to know its index for statistics
if(unlikely(snprintf(thread_name, TASK_LEN_MAX, "%s_%d", ACLK_QUERY_THREAD_NAME, i) < 0))
Reported by FlawFinder.
Line: 96
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
w->response.data = buffer_create(NETDATA_WEB_RESPONSE_INITIAL_SIZE);
w->response.header = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
w->response.header_output = buffer_create(NETDATA_WEB_RESPONSE_HEADER_SIZE);
strcpy(w->origin, "*"); // Simulate web_client_create_on_fd()
w->cookie1[0] = 0; // Simulate web_client_create_on_fd()
w->cookie2[0] = 0; // Simulate web_client_create_on_fd()
w->acl = 0x1f;
if (!strncmp(query->data.http_api_v2.query, NODE_ID_QUERY, strlen(NODE_ID_QUERY))) {
Reported by FlawFinder.
Line: 101
Column: 64
CWE codes:
126
w->cookie2[0] = 0; // Simulate web_client_create_on_fd()
w->acl = 0x1f;
if (!strncmp(query->data.http_api_v2.query, NODE_ID_QUERY, strlen(NODE_ID_QUERY))) {
char *node_uuid = query->data.http_api_v2.query + strlen(NODE_ID_QUERY);
char nodeid[UUID_STR_LEN];
if (strlen(node_uuid) < (UUID_STR_LEN - 1)) {
error("URL requests node_id but there is not enough chars following");
retval = 1;
Reported by FlawFinder.
Line: 102
Column: 59
CWE codes:
126
w->acl = 0x1f;
if (!strncmp(query->data.http_api_v2.query, NODE_ID_QUERY, strlen(NODE_ID_QUERY))) {
char *node_uuid = query->data.http_api_v2.query + strlen(NODE_ID_QUERY);
char nodeid[UUID_STR_LEN];
if (strlen(node_uuid) < (UUID_STR_LEN - 1)) {
error("URL requests node_id but there is not enough chars following");
retval = 1;
goto cleanup;
Reported by FlawFinder.
Line: 104
Column: 13
CWE codes:
126
if (!strncmp(query->data.http_api_v2.query, NODE_ID_QUERY, strlen(NODE_ID_QUERY))) {
char *node_uuid = query->data.http_api_v2.query + strlen(NODE_ID_QUERY);
char nodeid[UUID_STR_LEN];
if (strlen(node_uuid) < (UUID_STR_LEN - 1)) {
error("URL requests node_id but there is not enough chars following");
retval = 1;
goto cleanup;
}
strncpyz(nodeid, node_uuid, UUID_STR_LEN - 1);
Reported by FlawFinder.
Line: 145
Column: 18
CWE codes:
126
#ifdef NETDATA_WITH_ZLIB
// check if gzip encoding can and should be used
if ((start = strstr((char *)query->data.http_api_v2.payload, WEB_HDR_ACCEPT_ENC))) {
start += strlen(WEB_HDR_ACCEPT_ENC);
end = strstr(start, "\x0D\x0A");
start = strstr(start, "gzip");
if (start && start < end) {
w->response.zstream.zalloc = Z_NULL;
Reported by FlawFinder.
collectors/python.d.plugin/sensors/sensors.chart.py
10 issues
Line: 6
Column: 1
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SimpleService import SimpleService
from third_party import lm_sensors as sensors
ORDER = [
'temperature',
'fan',
Reported by Pylint.
Line: 7
Column: 1
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SimpleService import SimpleService
from third_party import lm_sensors as sensors
ORDER = [
'temperature',
'fan',
'voltage',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: sensors netdata python.d plugin
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.SimpleService import SimpleService
from third_party import lm_sensors as sensors
ORDER = [
Reported by Pylint.
Line: 88
Column: 1
}
class Service(SimpleService):
def __init__(self, configuration=None, name=None):
SimpleService.__init__(self, configuration=configuration, name=name)
self.order = list()
self.definitions = dict()
self.chips = configuration.get('chips')
Reported by Pylint.
Line: 95
Column: 5
self.definitions = dict()
self.chips = configuration.get('chips')
def get_data(self):
data = dict()
try:
for chip in sensors.ChipIterator():
prefix = sensors.chip_snprintf_name(chip)
for feature in sensors.FeatureIterator(chip):
Reported by Pylint.
Line: 103
Column: 25
for feature in sensors.FeatureIterator(chip):
sfi = sensors.SubFeatureIterator(chip, feature)
val = None
for sf in sfi:
try:
val = sensors.get_value(chip, sf.number)
break
except sensors.SensorsError:
continue
Reported by Pylint.
Line: 123
Column: 5
return data or None
def create_definitions(self):
for sensor in ORDER:
for chip in sensors.ChipIterator():
chip_name = sensors.chip_snprintf_name(chip)
if self.chips and not any([chip_name.startswith(ex) for ex in self.chips]):
continue
Reported by Pylint.
Line: 127
Column: 39
for sensor in ORDER:
for chip in sensors.ChipIterator():
chip_name = sensors.chip_snprintf_name(chip)
if self.chips and not any([chip_name.startswith(ex) for ex in self.chips]):
continue
for feature in sensors.FeatureIterator(chip):
sfi = sensors.SubFeatureIterator(chip, feature)
vals = list()
for sf in sfi:
Reported by Pylint.
Line: 132
Column: 25
for feature in sensors.FeatureIterator(chip):
sfi = sensors.SubFeatureIterator(chip, feature)
vals = list()
for sf in sfi:
try:
vals.append(sensors.get_value(chip, sf.number))
except sensors.SensorsError as error:
self.error('{0}: {1}'.format(sf.name, error))
continue
Reported by Pylint.
Line: 154
Column: 5
line[1] = sensors.get_label(chip, feature)
self.definitions[name]['lines'].append(line)
def check(self):
try:
sensors.init()
except sensors.SensorsError as error:
self.error(error)
return False
Reported by Pylint.
exporting/prometheus/prometheus.c
10 issues
Line: 291
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (!should_send_label(instance, label))
continue;
char key[PROMETHEUS_ELEMENT_MAX + 1];
char value[PROMETHEUS_ELEMENT_MAX + 1];
prometheus_name_copy(key, label->key, PROMETHEUS_ELEMENT_MAX);
prometheus_label_copy(value, label->value, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 292
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
continue;
char key[PROMETHEUS_ELEMENT_MAX + 1];
char value[PROMETHEUS_ELEMENT_MAX + 1];
prometheus_name_copy(key, label->key, PROMETHEUS_ELEMENT_MAX);
prometheus_label_copy(value, label->value, PROMETHEUS_ELEMENT_MAX);
if (*key && *value) {
Reported by FlawFinder.
Line: 316
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const char *labels;
time_t now;
int host_header_printed;
char name[PROMETHEUS_VARIABLE_MAX + 1];
};
/**
* Print host variables.
*
Reported by FlawFinder.
Line: 494
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
rrdhost_rdlock(host);
char hostname[PROMETHEUS_ELEMENT_MAX + 1];
prometheus_label_copy(hostname, host->hostname, PROMETHEUS_ELEMENT_MAX);
format_host_labels_prometheus(instance, host);
if (output_options & PROMETHEUS_OUTPUT_TIMESTAMPS)
Reported by FlawFinder.
Line: 515
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
host->program_name,
host->program_version);
char labels[PROMETHEUS_LABELS_MAX + 1] = "";
if (allhosts) {
if (instance->labels && buffer_tostring(instance->labels)) {
if (output_options & PROMETHEUS_OUTPUT_TIMESTAMPS) {
buffer_sprintf(
wb,
Reported by FlawFinder.
Line: 592
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (likely(can_send_rrdset(instance, st))) {
rrdset_rdlock(st);
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
prometheus_label_copy(
Reported by FlawFinder.
Line: 593
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rrdset_rdlock(st);
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
prometheus_label_copy(
chart, (output_options & PROMETHEUS_OUTPUT_NAMES && st->name) ? st->name : st->id, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 594
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
prometheus_label_copy(
chart, (output_options & PROMETHEUS_OUTPUT_NAMES && st->name) ? st->name : st->id, PROMETHEUS_ELEMENT_MAX);
prometheus_label_copy(family, st->family, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 595
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char chart[PROMETHEUS_ELEMENT_MAX + 1];
char context[PROMETHEUS_ELEMENT_MAX + 1];
char family[PROMETHEUS_ELEMENT_MAX + 1];
char units[PROMETHEUS_ELEMENT_MAX + 1] = "";
prometheus_label_copy(
chart, (output_options & PROMETHEUS_OUTPUT_NAMES && st->name) ? st->name : st->id, PROMETHEUS_ELEMENT_MAX);
prometheus_label_copy(family, st->family, PROMETHEUS_ELEMENT_MAX);
prometheus_name_copy(context, st->context, PROMETHEUS_ELEMENT_MAX);
Reported by FlawFinder.
Line: 636
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rrddim_foreach_read(rd, st)
{
if (rd->collections_counter && !rrddim_flag_check(rd, RRDDIM_FLAG_OBSOLETE)) {
char dimension[PROMETHEUS_ELEMENT_MAX + 1];
char *suffix = "";
if (as_collected) {
// we need as-collected / raw data
Reported by FlawFinder.
exporting/tests/test_exporting_engine.c
10 issues
Line: 15
Column: 1
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *netdata_configured_stock_config_dir = ".";
char *netdata_configured_hostname = "test_global_host";
char log_line[MAX_LOG_LINE + 1];
BACKEND_OPTIONS global_backend_options = 0;
const char *global_backend_source = "average";
const char *global_backend_prefix = "netdata";
const char *global_backend_send_charts_matching = "*";
Reported by FlawFinder.
Line: 412
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)state;
char *source_name = "test.name-with/special#characters_";
char destination_name[RRD_ID_LENGTH_MAX + 1];
assert_int_equal(exporting_name_copy(destination_name, source_name, RRD_ID_LENGTH_MAX), 34);
assert_string_equal(destination_name, "test.name_with_special_characters_");
}
Reported by FlawFinder.
Line: 621
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
simple_connector_data->buffer = buffer_create(0);
simple_connector_data->last_buffer->header = buffer_create(0);
simple_connector_data->last_buffer->buffer = buffer_create(0);
strcpy(simple_connector_data->connected_to, "localhost");
buffer_sprintf(simple_connector_data->last_buffer->header, "test header");
buffer_sprintf(simple_connector_data->last_buffer->buffer, "test buffer");
expect_function_call(__wrap_connect_to_one_of);
Reported by FlawFinder.
Line: 673
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)state;
char *src = "check \t\\\" string";
char dst[19 + 1];
sanitize_json_string(dst, src, 19);
assert_string_equal(dst, "check _\\\\\\\" string");
}
Reported by FlawFinder.
Line: 685
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)state;
char *src = "check ;~ string";
char dst[15 + 1];
sanitize_graphite_label_value(dst, src, 15);
assert_string_equal(dst, "check____string");
}
Reported by FlawFinder.
Line: 697
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)state;
char *src = "check \t\\\" #&$? -_./ string";
char dst[26 + 1];
sanitize_opentsdb_label_value(dst, src, 26);
assert_string_equal(dst, "check__________-_./_string");
}
Reported by FlawFinder.
Line: 1017
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
(void)*state;
char destination_name[PROMETHEUS_ELEMENT_MAX + 1];
assert_int_equal(prometheus_name_copy(destination_name, "test-name", PROMETHEUS_ELEMENT_MAX), 9);
assert_string_equal(destination_name, "test_name");
}
Reported by FlawFinder.
Line: 1027
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
(void)*state;
char destination_name[PROMETHEUS_ELEMENT_MAX + 1];
assert_int_equal(prometheus_label_copy(destination_name, "test\"\\\nlabel", PROMETHEUS_ELEMENT_MAX), 15);
assert_string_equal(destination_name, "test\\\"\\\\\\\nlabel");
}
Reported by FlawFinder.
Line: 1037
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
(void)*state;
char destination_name[PROMETHEUS_ELEMENT_MAX + 1];
assert_string_equal(prometheus_units_copy(destination_name, "test-units", PROMETHEUS_ELEMENT_MAX, 0), "_test_units");
assert_string_equal(destination_name, "_test_units");
assert_string_equal(prometheus_units_copy(destination_name, "%", PROMETHEUS_ELEMENT_MAX, 0), "_percent");
assert_string_equal(prometheus_units_copy(destination_name, "test-units/s", PROMETHEUS_ELEMENT_MAX, 0), "_test_units_persec");
Reported by FlawFinder.
Line: 1174
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
simple_connector_data->last_buffer = callocz(1, sizeof(struct simple_connector_buffer));
simple_connector_data->last_buffer->header = buffer_create(0);
simple_connector_data->last_buffer->buffer = buffer_create(0);
strcpy(simple_connector_data->connected_to, "localhost");
buffer_sprintf(simple_connector_data->last_buffer->buffer, "test buffer");
prometheus_remote_write_prepare_header(instance);
Reported by FlawFinder.