The following issues were found
web/server/static/static-threaded.c
6 issues
Line: 171
Column: 9
CWE codes:
119
120
Suggestion:
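Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, recv() is asked for at most 7 bytes and the terminator is written at index 7 of the 8-byte array, so the visible accesses to test stay in bounds; the else branch is cut off in the excerpt and is not covered by this observation.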
//Read the first 7 bytes from the message, but the message
//is not removed from the queue, because we are using MSG_PEEK
char test[8];
if ( recv(w->ifd,test, 7,MSG_PEEK) == 7 ) {
test[7] = 0x00;
}
else {
//Case I do not have success to read 7 bytes,
Reported by FlawFinder.
Line: 330
Column: 9
CWE codes:
119
120
Suggestion:
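Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. In the excerpt below, id and title are declared with 100 + 1 bytes and both snprintfz() calls pass 100 as the length, with an integer as the only formatted value; whether that length counts the terminator depends on snprintfz(), which is defined elsewhere.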
if(unlikely(netdata_exit)) return;
if(unlikely(!st)) {
char id[100 + 1];
char title[100 + 1];
snprintfz(id, 100, "web_thread%d_cpu", worker_private->id + 1);
snprintfz(title, 100, "Netdata web server thread No %d CPU usage", worker_private->id + 1);
Reported by FlawFinder.
Line: 331
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(unlikely(!st)) {
char id[100 + 1];
char title[100 + 1];
snprintfz(id, 100, "web_thread%d_cpu", worker_private->id + 1);
snprintfz(title, 100, "Netdata web server thread No %d CPU usage", worker_private->id + 1);
st = rrdset_create_localhost(
Reported by FlawFinder.
Line: 499
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static_workers_private_data[i].id = i;
static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count;
char tag[50 + 1];
snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1);
info("starting worker %d", i+1);
netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT,
socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]);
Reported by FlawFinder.
Line: 24
Column: 36
CWE codes:
120
Suggestion:
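Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). The strcpy calls visible in the excerpt copy the constant string "-" (two bytes including the terminator), so they can overflow only if the destination field is smaller than that; the field sizes are not shown here.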
strncpyz(w->client_port, pi->client_port, sizeof(w->client_port) - 1);
strncpyz(w->client_host, pi->client_host, sizeof(w->client_host) - 1);
if(unlikely(!*w->client_ip)) strcpy(w->client_ip, "-");
if(unlikely(!*w->client_port)) strcpy(w->client_port, "-");
w->port_acl = pi->port_acl;
web_client_initialize_connection(w);
w->pollinfo_slot = pi->slot;
Reported by FlawFinder.
Line: 25
Column: 36
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strncpyz(w->client_host, pi->client_host, sizeof(w->client_host) - 1);
if(unlikely(!*w->client_ip)) strcpy(w->client_ip, "-");
if(unlikely(!*w->client_port)) strcpy(w->client_port, "-");
w->port_acl = pi->port_acl;
web_client_initialize_connection(w);
w->pollinfo_slot = pi->slot;
return(w);
Reported by FlawFinder.
health/health_config.c
6 issues
Line: 256
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static inline uint32_t health_parse_options(const char *s) {
uint32_t options = 0;
char buf[100+1] = "";
while(*s) {
buf[0] = '\0';
// skip spaces
Reported by FlawFinder.
Line: 471
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
/*
 * Build the "<line>@<file>" source tag for a health configuration entry and
 * return the pointer produced by strdupz() on that tag.
 *
 * line  line number placed before the '@'
 * file  file name placed after the '@'
 *
 * The tag is formatted into a stack array of FILENAME_MAX + 1 bytes with
 * FILENAME_MAX passed as the length, so the array is one byte larger than the
 * limit handed to the formatter.
 * NOTE(review): this relies on snprintfz() treating its second argument as an
 * upper bound and always NUL-terminating; confirm against its definition,
 * which is not part of this excerpt.
 * NOTE(review): a tag that does not fit is shortened without any report to
 * the caller; confirm that consumers of the tag tolerate a truncated name.
 */
static inline char *health_source_file(size_t line, const char *file) {
    char tag[FILENAME_MAX + 1];

    /* sizeof(tag) - 1 == FILENAME_MAX: same limit, tied to the array itself */
    snprintfz(tag, sizeof(tag) - 1, "%zu@%s", line, file);

    char *copy = strdupz(tag);
    return copy;
}
char *health_edit_command_from_source(const char *source)
Reported by FlawFinder.
Line: 478
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *health_edit_command_from_source(const char *source)
{
char buffer[FILENAME_MAX + 1];
char *temp = strdupz(source);
char *line_num = strchr(temp, '@');
char *file_no_path = strrchr(temp, '/');
if (likely(file_no_path && line_num)) {
Reported by FlawFinder.
Line: 540
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
hash_repeat = 0,
hash_host_label = 0;
char buffer[HEALTH_CONF_MAX_LINE + 1];
if(unlikely(!hash_alarm)) {
hash_alarm = simple_uhash(HEALTH_ALARM_KEY);
hash_template = simple_uhash(HEALTH_TEMPLATE_KEY);
hash_on = simple_uhash(HEALTH_ON_KEY);
Reported by FlawFinder.
Line: 572
Column: 16
CWE codes:
362
hash_host_label = simple_uhash(HEALTH_HOST_LABEL_KEY);
}
FILE *fp = fopen(filename, "r");
if(!fp) {
error("Health configuration cannot read file '%s'.", filename);
return 0;
}
Reported by FlawFinder.
Line: 590
Column: 18
CWE codes:
126
s = trim(buffer);
if(!s || *s == '#') continue;
append = strlen(s);
if(!stop_appending && s[append - 1] == '\\') {
s[append - 1] = ' ';
append = &s[append] - buffer;
if(append < HEALTH_CONF_MAX_LINE)
continue;
Reported by FlawFinder.
database/engine/metadata_log/logfile.c
6 issues
Line: 9
Column: 12
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * Write the path of a metadata log file into str.
 *
 * The path is "<dbfiles_path>/" followed by the METALOG_PREFIX,
 * METALOG_FILE_NUMBER_PRINT_TMPL and METALOG_EXTENSION pieces, filled in with
 * metalogfile->starting_fileno and metalogfile->fileno.
 *
 * metalogfile  supplies the directory (ctx->rrdeng_ctx->dbfiles_path) and the
 *              two file numbers
 * str          destination buffer
 * maxlen       limit passed to snprintf() for str
 *
 * The format argument is a string literal concatenated with macros, so it is
 * fixed at compile time rather than taken from input (the macro definitions
 * are outside this excerpt; presumably plain string literals).
 * NOTE(review): the snprintf() result is cast to void, so a path that does
 * not fit in maxlen is truncated without any signal to the caller. Callers
 * in this file pass RRDENG_PATH_MAX-sized arrays and hand the result to
 * calls such as uv_fs_unlink(); confirm dbfiles_path cannot be long enough
 * for a shortened path to reach them.
 */
void generate_metadata_logfile_path(struct metadata_logfile *metalogfile, char *str, size_t maxlen)
{
(void) snprintf(str, maxlen, "%s/" METALOG_PREFIX METALOG_FILE_NUMBER_PRINT_TMPL METALOG_EXTENSION,
metalogfile->ctx->rrdeng_ctx->dbfiles_path, metalogfile->starting_fileno, metalogfile->fileno);
}
void metadata_logfile_init(struct metadata_logfile *metalogfile, struct metalog_instance *ctx, unsigned starting_fileno,
unsigned fileno)
Reported by FlawFinder.
Line: 335
Column: 15
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
metalogfiles = callocz(MIN(ret, MAX_DATAFILES), sizeof(*metalogfiles));
for (matched_files = 0 ; UV_EOF != uv_fs_scandir_next(&req, &dent) && matched_files < MAX_DATAFILES ; ) {
info("Scanning file \"%s/%s\"", dbfiles_path, dent.name);
ret = sscanf(dent.name, METALOG_PREFIX METALOG_FILE_NUMBER_SCAN_TMPL METALOG_EXTENSION, &starting_no, &no);
if (2 == ret) {
info("Matched file \"%s/%s\"", dbfiles_path, dent.name);
metalogfile = mallocz(sizeof(*metalogfile));
metadata_logfile_init(metalogfile, ctx, starting_no, no);
metalogfiles[matched_files++] = metalogfile;
Reported by FlawFinder.
Line: 29
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//struct metalog_instance *ctx = metalogfile->ctx;
uv_fs_t req;
int ret;
char oldpath[RRDENG_PATH_MAX], newpath[RRDENG_PATH_MAX];
unsigned backup_starting_fileno, backup_fileno;
backup_starting_fileno = metalogfile->starting_fileno;
backup_fileno = metalogfile->fileno;
generate_metadata_logfile_path(metalogfile, oldpath, sizeof(oldpath));
Reported by FlawFinder.
Line: 59
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
//struct metalog_instance *ctx = metalogfile->ctx;
uv_fs_t req;
int ret;
char path[RRDENG_PATH_MAX];
generate_metadata_logfile_path(metalogfile, path, sizeof(path));
ret = uv_fs_unlink(NULL, &req, path, NULL);
if (ret < 0) {
Reported by FlawFinder.
Line: 254
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uv_file file;
int ret, fd, error;
uint64_t file_size;
char path[RRDENG_PATH_MAX];
generate_metadata_logfile_path(metalogfile, path, sizeof(path));
if (file_is_migrated(path))
return 0;
Reported by FlawFinder.
Line: 302
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int scan_metalog_files_cmp(const void *a, const void *b)
{
struct metadata_logfile *file1, *file2;
char path1[RRDENG_PATH_MAX], path2[RRDENG_PATH_MAX];
file1 = *(struct metadata_logfile **)a;
file2 = *(struct metadata_logfile **)b;
generate_metadata_logfile_path(file1, path1, sizeof(path1));
generate_metadata_logfile_path(file2, path2, sizeof(path2));
Reported by FlawFinder.
collectors/python.d.plugin/am2320/am2320.chart.py
6 issues
Line: 15
Column: 1
except ImportError:
HAS_AM2320 = False
from bases.FrameworkServices.SimpleService import SimpleService
ORDER = [
'temperature',
'humidity',
]
Reported by Pylint.
Line: 1
Column: 1
# _*_ coding: utf-8 _*_
# Description: AM2320 netdata module
# Author: tommybuck
# SPDX-License-Identifier: GPL-3.0-or-Later
try:
import board
import busio
import adafruit_am2320
Reported by Pylint.
Line: 38
Column: 1
}
class Service(SimpleService):
def __init__(self, configuration=None, name=None):
SimpleService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.am = None
Reported by Pylint.
Line: 43
Column: 9
SimpleService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.am = None
def check(self):
if not HAS_AM2320:
self.error("Could not find the adafruit-circuitpython-am2320 package.")
return False
Reported by Pylint.
Line: 45
Column: 5
self.definitions = CHARTS
self.am = None
def check(self):
if not HAS_AM2320:
self.error("Could not find the adafruit-circuitpython-am2320 package.")
return False
try:
Reported by Pylint.
Line: 59
Column: 5
return True
def get_data(self):
try:
return {
'temperature': self.am.temperature,
'humidity': self.am.relative_humidity,
}
Reported by Pylint.
collectors/ebpf.plugin/ebpf_apps.h
6 issues
Line: 393
Column: 5
CWE codes:
134
Suggestion:
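Use a constant for the format specification. In the excerpt below, fmt is the enclosing function's own parameter forwarded to vfprintf(), so whether the format is constant depends on the call sites, which are not shown; a printf-style format attribute on the wrapper lets the compiler check them.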
fprintf(stderr, "apps.plugin: ");
va_start(args, fmt);
vfprintf(stderr, fmt, args);
va_end(args);
fputc('\n', stderr);
}
Reported by FlawFinder.
Line: 106
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
struct target {
char compare[MAX_COMPARE_NAME + 1];
uint32_t comparehash;
size_t comparelen;
char id[MAX_NAME + 1];
uint32_t idhash;
Reported by FlawFinder.
Line: 110
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
uint32_t comparehash;
size_t comparelen;
char id[MAX_NAME + 1];
uint32_t idhash;
char name[MAX_NAME + 1];
uid_t uid;
Reported by FlawFinder.
Line: 113
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id[MAX_NAME + 1];
uint32_t idhash;
char name[MAX_NAME + 1];
uid_t uid;
gid_t gid;
// Changes made to simplify integration between apps and eBPF.
Reported by FlawFinder.
Line: 197
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct pid_stat {
int32_t pid;
char comm[MAX_COMPARE_NAME + 1];
char *cmdline;
uint32_t log_thrown;
// char state;
Reported by FlawFinder.
Line: 301
Column: 19
CWE codes:
120
20
unsigned char updated : 1; // 1 when the process is currently running
unsigned char updated_twice : 1; // 1 when the process was running in the previous iteration
unsigned char merged : 1; // 1 when it has been merged to its parent
unsigned char read : 1; // 1 when we have already read this process for this iteration
int sortlist; // higher numbers = top on the process tree
// each process gets a unique number
Reported by FlawFinder.
collectors/python.d.plugin/icecast/icecast.chart.py
6 issues
Line: 8
Column: 1
import json
from bases.FrameworkServices.UrlService import UrlService
ORDER = [
'listeners',
]
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: icecast netdata python.d module
# Author: Ilya Mashchenko (ilyam8)
# SPDX-License-Identifier: GPL-3.0-or-later
import json
from bases.FrameworkServices.UrlService import UrlService
Reported by Pylint.
Line: 16
Column: 1
CHARTS = {
'listeners': {
'options': [None, 'Number Of Listeners', 'listeners', 'listeners', 'icecast.listeners', 'line'],
'lines': [
]
}
}
Reported by Pylint.
Line: 23
Column: 1
}
class Source:
def __init__(self, idx, data):
self.name = 'source_{0}'.format(idx)
self.is_active = data.get('stream_start') and data.get('server_name')
self.listeners = data['listeners']
Reported by Pylint.
Line: 23
Column: 1
}
class Source:
def __init__(self, idx, data):
self.name = 'source_{0}'.format(idx)
self.is_active = data.get('stream_start') and data.get('server_name')
self.listeners = data['listeners']
Reported by Pylint.
Line: 30
Column: 1
self.listeners = data['listeners']
class Service(UrlService):
def __init__(self, configuration=None, name=None):
UrlService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.url = self.configuration.get('url')
Reported by Pylint.
collectors/plugins.d/plugins_d.h
6 issues
Line: 45
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define PLUGINSD_MAX_WORDS 20
#define PLUGINSD_MAX_DIRECTORIES 20
extern char *plugin_directories[PLUGINSD_MAX_DIRECTORIES];
struct plugind {
char id[CONFIG_MAX_NAME+1]; // config node id
char filename[FILENAME_MAX+1]; // just the filename
Reported by FlawFinder.
Line: 48
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern char *plugin_directories[PLUGINSD_MAX_DIRECTORIES];
struct plugind {
char id[CONFIG_MAX_NAME+1]; // config node id
char filename[FILENAME_MAX+1]; // just the filename
char fullfilename[FILENAME_MAX+1]; // with path
char cmd[PLUGINSD_CMD_MAX+1]; // the command that it executes
Reported by FlawFinder.
Line: 50
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct plugind {
char id[CONFIG_MAX_NAME+1]; // config node id
char filename[FILENAME_MAX+1]; // just the filename
char fullfilename[FILENAME_MAX+1]; // with path
char cmd[PLUGINSD_CMD_MAX+1]; // the command that it executes
volatile pid_t pid;
netdata_thread_t thread;
Reported by FlawFinder.
Line: 51
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id[CONFIG_MAX_NAME+1]; // config node id
char filename[FILENAME_MAX+1]; // just the filename
char fullfilename[FILENAME_MAX+1]; // with path
char cmd[PLUGINSD_CMD_MAX+1]; // the command that it executes
volatile pid_t pid;
netdata_thread_t thread;
Reported by FlawFinder.
Line: 52
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char filename[FILENAME_MAX+1]; // just the filename
char fullfilename[FILENAME_MAX+1]; // with path
char cmd[PLUGINSD_CMD_MAX+1]; // the command that it executes
volatile pid_t pid;
netdata_thread_t thread;
size_t successful_collections; // the number of times we have seen
Reported by FlawFinder.
Line: 21
Column: 34
CWE codes:
126
#define PLUGINSD_FILE_SUFFIX ".plugin"
#define PLUGINSD_FILE_SUFFIX_LEN strlen(PLUGINSD_FILE_SUFFIX)
#define PLUGINSD_CMD_MAX (FILENAME_MAX*2)
#define PLUGINSD_STOCK_PLUGINS_DIRECTORY_PATH 0
#define PLUGINSD_KEYWORD_CHART "CHART"
#define PLUGINSD_KEYWORD_DIMENSION "DIMENSION"
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/urllib3/contrib/_securetransport/bindings.py
6 issues
Line: 498
Column: 5
CoreFoundation.CFDictionaryRef = CFDictionaryRef
except (AttributeError):
raise ImportError('Error initializing ctypes')
class CFConst(object):
"""
A class object that acts as essentially a namespace for CoreFoundation
Reported by Pylint.
Line: 497
Column: 1
CoreFoundation.CFStringRef = CFStringRef
CoreFoundation.CFDictionaryRef = CFDictionaryRef
except (AttributeError):
raise ImportError('Error initializing ctypes')
class CFConst(object):
"""
Reported by Pylint.
Line: 501
Column: 1
raise ImportError('Error initializing ctypes')
class CFConst(object):
"""
A class object that acts as essentially a namespace for CoreFoundation
constants.
"""
kCFStringEncodingUTF8 = CFStringEncoding(0x08000100)
Reported by Pylint.
Line: 501
Column: 1
raise ImportError('Error initializing ctypes')
class CFConst(object):
"""
A class object that acts as essentially a namespace for CoreFoundation
constants.
"""
kCFStringEncodingUTF8 = CFStringEncoding(0x08000100)
Reported by Pylint.
Line: 509
Column: 1
kCFStringEncodingUTF8 = CFStringEncoding(0x08000100)
class SecurityConst(object):
"""
A class object that acts as essentially a namespace for Security constants.
"""
kSSLSessionOptionBreakOnServerAuth = 0
Reported by Pylint.
Line: 509
Column: 1
kCFStringEncodingUTF8 = CFStringEncoding(0x08000100)
class SecurityConst(object):
"""
A class object that acts as essentially a namespace for Security constants.
"""
kSSLSessionOptionBreakOnServerAuth = 0
Reported by Pylint.
collectors/python.d.plugin/puppet/puppet.chart.py
6 issues
Line: 17
Column: 1
import socket
from json import loads
from bases.FrameworkServices.UrlService import UrlService
update_every = 5
MiB = 1 << 20
CPU_SCALE = 1000
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: puppet netdata python.d module
# Author: Andrey Galkin <andrey@futoin.org> (andvgal)
# SPDX-License-Identifier: GPL-3.0-or-later
#
# This module should work both with OpenSource and PE versions
# of PuppetServer and PuppetDB.
#
# NOTE: PuppetDB may be configured to require proper TLS
Reported by Pylint.
Line: 19
Column: 1
from bases.FrameworkServices.UrlService import UrlService
update_every = 5
MiB = 1 << 20
CPU_SCALE = 1000
ORDER = [
Reported by Pylint.
Line: 21
Column: 1
update_every = 5
MiB = 1 << 20
CPU_SCALE = 1000
ORDER = [
'jvm_heap',
'jvm_nonheap',
Reported by Pylint.
Line: 73
Column: 1
}
class Service(UrlService):
def __init__(self, configuration=None, name=None):
UrlService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.url = 'https://{0}:8140'.format(socket.getfqdn())
Reported by Pylint.
Line: 73
Column: 1
}
class Service(UrlService):
def __init__(self, configuration=None, name=None):
UrlService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.url = 'https://{0}:8140'.format(socket.getfqdn())
Reported by Pylint.
collectors/plugins.d/pluginsd_parser.c
6 issues
Line: 541
Column: 13
CWE codes:
120
Suggestion:
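Make sure destination can always hold the source data. The Line 536 excerpt for this file shows the copy preceded by a check of length + 1 against remaining, which bounds it provided remaining starts out as the size of the destination; that initialisation is not shown.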
break;
remaining -= (length + 1);
memcpy(move, words[i], length);
move += length;
*move++ = ' ';
i++;
if (!words[i])
Reported by FlawFinder.
Line: 319
Column: 22
CWE codes:
126
// when data are streamed from child nodes
// name will be type.name
// so we have to remove 'type.' from name too
size_t len = strlen(type);
if (strncmp(type, name, len) == 0 && name[len] == '.')
name = &name[len + 1];
// if the name is the same with the id,
// or is just 'NULL', clear it.
Reported by FlawFinder.
Line: 536
Column: 29
CWE codes:
126
char *move = store;
int i = 3;
while (i < PLUGINSD_MAX_WORDS) {
size_t length = strlen(words[i]);
if ((length + 1) >= remaining)
break;
remaining -= (length + 1);
memcpy(move, words[i], length);
Reported by FlawFinder.
Line: 589
Column: 18
CWE codes:
126
error("requested a GUID, without a uuid.");
return PARSER_RC_ERROR;
}
if (unlikely(strlen(uuid_str) != GUID_LEN || uuid_parse(uuid_str, uuid) == -1)) {
error("requested a GUID, without a valid uuid string.");
return PARSER_RC_ERROR;
}
debug(D_PLUGINSD, "Parsed uuid=%s", uuid_str);
Reported by FlawFinder.
Line: 611
Column: 18
CWE codes:
126
error("requested a CONTEXT, without a uuid.");
return PARSER_RC_ERROR;
}
if (unlikely(strlen(uuid_str) != GUID_LEN || uuid_parse(uuid_str, uuid) == -1)) {
error("requested a CONTEXT, without a valid uuid string.");
return PARSER_RC_ERROR;
}
debug(D_PLUGINSD, "Parsed uuid=%s", uuid_str);
Reported by FlawFinder.
Line: 633
Column: 18
CWE codes:
126
error("requested a TOMBSTONE, without a uuid.");
return PARSER_RC_ERROR;
}
if (unlikely(strlen(uuid_str) != GUID_LEN || uuid_parse(uuid_str, uuid) == -1)) {
error("requested a TOMBSTONE, without a valid uuid string.");
return PARSER_RC_ERROR;
}
debug(D_PLUGINSD, "Parsed uuid=%s", uuid_str);
Reported by FlawFinder.