The following issues were found
collectors/proc.plugin/proc_softirqs.c
5 issues
Line: 17
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct interrupt {
int used;
char *id;
char name[MAX_INTERRUPT_NAME + 1];
RRDDIM *rd;
unsigned long long total;
struct cpu_interrupt cpu[];
};
Reported by FlawFinder.
Line: 28
Column: 60
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#define recordsize(cpus) (sizeof(struct interrupt) + ((cpus) * sizeof(struct cpu_interrupt)))
// given a base, get a pointer to each record
#define irrindex(base, line, cpus) ((struct interrupt *)&((char *)(base))[(line) * recordsize(cpus)])
static inline struct interrupt *get_interrupts_array(size_t lines, int cpus) {
static struct interrupt *irrs = NULL;
static size_t allocated = 0;
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
do_per_core = config_get_boolean_ondemand("plugin:proc:/proc/softirqs", "interrupts per core", CONFIG_BOOLEAN_AUTO);
if(unlikely(!ff)) {
char filename[FILENAME_MAX + 1];
snprintfz(filename, FILENAME_MAX, "%s%s", netdata_configured_host_prefix, "/proc/softirqs");
ff = procfile_open(config_get("plugin:proc:/proc/softirqs", "filename to monitor", filename), " \t:", PROCFILE_FLAG_DEFAULT);
if(unlikely(!ff)) return 1;
}
Reported by FlawFinder.
Line: 200
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (unlikely(core_sum == 0)) continue; // try next core
char id[50 + 1];
snprintfz(id, 50, "cpu%d_softirqs", c);
char title[100 + 1];
snprintfz(title, 100, "CPU%d softirqs", c);
Reported by FlawFinder.
Line: 203
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char id[50 + 1];
snprintfz(id, 50, "cpu%d_softirqs", c);
char title[100 + 1];
snprintfz(title, 100, "CPU%d softirqs", c);
core_st[c] = rrdset_create_localhost(
"cpu"
, id
Reported by FlawFinder.
aclk/aclk_proxy.c
5 issues
Line: 94
Column: 17
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static inline int check_socks_enviroment(const char **proxy)
{
char *tmp = getenv("socks_proxy");
if (!tmp)
return 1;
if (aclk_verify_proxy(tmp) == PROXY_TYPE_SOCKS5) {
Reported by FlawFinder.
Line: 112
Column: 17
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
static inline int check_http_enviroment(const char **proxy)
{
char *tmp = getenv("http_proxy");
if (!tmp)
return 1;
if (aclk_verify_proxy(tmp) == PROXY_TYPE_HTTP) {
Reported by FlawFinder.
Line: 36
Column: 64
CWE codes:
126
{
int i = 0;
while (supported_proxy_types[i].url_str) {
if (!strncmp(supported_proxy_types[i].url_str, string, strlen(supported_proxy_types[i].url_str)))
return supported_proxy_types[i].type;
i++;
}
return PROXY_TYPE_UNKNOWN;
}
Reported by FlawFinder.
Line: 61
Column: 21
CWE codes:
126
// for logging purposes
void safe_log_proxy_censor(char *proxy)
{
size_t length = strlen(proxy);
char *auth = proxy + length - 1;
char *cur;
while ((auth >= proxy) && (*auth != '@'))
auth--;
Reported by FlawFinder.
Line: 76
Column: 16
CWE codes:
126
if (!cur)
cur = proxy;
else
cur += strlen(ACLK_PROXY_PROTO_ADDR_SEPARATOR);
while (cur < auth) {
*cur = 'X';
cur++;
}
Reported by FlawFinder.
collectors/ebpf.plugin/ebpf_cachestat.c
5 issues
Line: 12
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static struct bpf_link **probe_links = NULL;
static struct bpf_object *objects = NULL;
static char *cachestat_counter_dimension_name[NETDATA_CACHESTAT_END] = { "ratio", "dirty", "hit",
"miss" };
static netdata_syscall_stat_t cachestat_counter_aggregated_data[NETDATA_CACHESTAT_END];
static netdata_publish_syscall_t cachestat_counter_publish_aggregated[NETDATA_CACHESTAT_END];
netdata_cachestat_pid_t *cachestat_vector = NULL;
Reported by FlawFinder.
Line: 222
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
static inline void cachestat_save_pid_values(netdata_publish_cachestat_t *out, netdata_cachestat_pid_t *publish)
{
if (!out->current.mark_page_accessed) {
memcpy(&out->current, &publish[0], sizeof(netdata_cachestat_pid_t));
return;
}
memcpy(&out->prev, &out->current, sizeof(netdata_cachestat_pid_t));
memcpy(&out->current, &publish[0], sizeof(netdata_cachestat_pid_t));
Reported by FlawFinder.
Line: 226
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return;
}
memcpy(&out->prev, &out->current, sizeof(netdata_cachestat_pid_t));
memcpy(&out->current, &publish[0], sizeof(netdata_cachestat_pid_t));
}
/**
* Fill PID
Reported by FlawFinder.
Line: 227
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(&out->prev, &out->current, sizeof(netdata_cachestat_pid_t));
memcpy(&out->current, &publish[0], sizeof(netdata_cachestat_pid_t));
}
/**
* Fill PID
*
Reported by FlawFinder.
Line: 429
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
*/
void ebpf_cachestat_sum_pids(netdata_publish_cachestat_t *publish, struct pid_on_target *root)
{
memcpy(&publish->prev, &publish->current,sizeof(publish->current));
memset(&publish->current, 0, sizeof(publish->current));
netdata_cachestat_pid_t *dst = &publish->current;
while (root) {
int32_t pid = root->pid;
Reported by FlawFinder.
libnetdata/simple_pattern/simple_pattern.c
5 issues
Line: 40
Column: 18
CWE codes:
126
// check what this one matches
size_t len = strlen(s);
if(len >= 2 && *s == '*' && s[len - 1] == '*') {
s[len - 1] = '\0';
s++;
mode = SIMPLE_PATTERN_SUBSTRING;
}
Reported by FlawFinder.
Line: 61
Column: 18
CWE codes:
126
struct simple_pattern *m = callocz(1, sizeof(struct simple_pattern));
if(*s) {
m->match = strdupz(s);
m->len = strlen(m->match);
m->mode = mode;
}
else {
m->mode = SIMPLE_PATTERN_SUBSTRING;
}
Reported by FlawFinder.
Line: 92
Column: 25
CWE codes:
126
while(*separators) isseparator[(unsigned char)*separators++] = 1;
}
char *buf = mallocz(strlen(list) + 1);
const char *s = list;
while(s && *s) {
buf[0] = '\0';
char *c = buf;
Reported by FlawFinder.
Line: 230
Column: 18
CWE codes:
126
if(unlikely(!root || !str || !*str)) return 0;
size_t len = strlen(str);
for(m = root; m ; m = m->next) {
char *ws = wildcarded;
size_t wss = wildcarded_size;
if(unlikely(ws)) *ws = '\0';
Reported by FlawFinder.
Line: 336
Column: 27
CWE codes:
126
}
char *simple_pattern_trim_around_equal(char *src) {
char *store = mallocz(strlen(src) +1);
if(!store)
return NULL;
char *dst = store;
while (*src) {
Reported by FlawFinder.
database/rrd.h
5 issues
Line: 316
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
size_t memsize; // the memory allocated for this dimension
char magic[sizeof(RRDDIMENSION_MAGIC) + 1]; // a string to be saved, used to identify our data file
struct rrddimvar *variables;
// ------------------------------------------------------------------------
// the values stored in this dimension, using our floating point numbers
Reported by FlawFinder.
Line: 492
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// ------------------------------------------------------------------------
// the set configuration
char id[RRD_ID_LENGTH_MAX + 1]; // id of the data set
const char *name; // the name of this dimension (as presented to user)
// this is a pointer to the config structure
// since the config always has a higher priority
// (the user overwrites the name of the charts)
Reported by FlawFinder.
Line: 533
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RRD_MEMORY_MODE rrd_memory_mode; // if set to 1, this is memory mapped
char *cache_dir; // the directory to store dimensions
char cache_filename[FILENAME_MAX+1]; // the filename to store this set
netdata_rwlock_t rrdset_rwlock; // protects dimensions linked list
size_t counter; // the number of times we added values to this database
size_t counter_done; // the number of times rrdset_done() has been called
Reported by FlawFinder.
Line: 588
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned long memsize; // how much mem we have allocated for this (without dimensions)
char magic[sizeof(RRDSET_MAGIC) + 1]; // our magic
// ------------------------------------------------------------------------
// the dimensions
avl_tree_lock dimensions_index; // the root of the dimensions index
Reported by FlawFinder.
Line: 757
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char *registry_hostname; // the registry hostname for this host
char machine_guid[GUID_LEN + 1]; // the unique ID of this host
uint32_t hash_machine_guid; // the hash of the unique ID
const char *os; // the O/S type of the host
const char *tags; // tags for this host
const char *timezone; // the timezone of the host
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/urllib3/util/request.py
5 issues
Line: 5
Column: 1
from __future__ import absolute_import
from base64 import b64encode
from ..packages.six import b, integer_types
from ..exceptions import UnrewindableBodyError
ACCEPT_ENCODING = 'gzip,deflate'
_FAILEDTELL = object()
Reported by Pylint.
Line: 6
Column: 1
from base64 import b64encode
from ..packages.six import b, integer_types
from ..exceptions import UnrewindableBodyError
ACCEPT_ENCODING = 'gzip,deflate'
_FAILEDTELL = object()
Reported by Pylint.
Line: 112
Column: 13
try:
body_seek(body_pos)
except (IOError, OSError):
raise UnrewindableBodyError("An error occurred when rewinding request "
"body for redirect/retry.")
elif body_pos is _FAILEDTELL:
raise UnrewindableBodyError("Unable to record file position for rewinding "
"request body during a redirect/retry.")
else:
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: MIT
from __future__ import absolute_import
from base64 import b64encode
from ..packages.six import b, integer_types
from ..exceptions import UnrewindableBodyError
ACCEPT_ENCODING = 'gzip,deflate'
_FAILEDTELL = object()
Reported by Pylint.
Line: 12
Column: 1
_FAILEDTELL = object()
def make_headers(keep_alive=None, accept_encoding=None, user_agent=None,
basic_auth=None, proxy_basic_auth=None, disable_cache=None):
"""
Shortcuts for generating request headers.
:param keep_alive:
Reported by Pylint.
aclk/aclk_stats.c
5 issues
Line: 153
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rrdset_done(st);
}
static char *cloud_req_http_type_names[ACLK_STATS_CLOUD_HTTP_REQ_TYPE_CNT] = {
"other",
"info",
"data",
"alarms",
"alarm_log",
Reported by FlawFinder.
Line: 198
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
static RRDSET *st = NULL;
char dim_name[MAX_DIM_NAME];
if (unlikely(!st)) {
st = rrdset_create_localhost(
"netdata", "aclk_query_threads", NULL, "aclk", NULL, "Queries Processed Per Thread", "req/s",
"netdata", "stats", 200009, localhost->rrd_update_every, RRDSET_TYPE_STACKED);
Reported by FlawFinder.
Line: 284
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
ACLK_STATS_LOCK;
// to not hold lock longer than necessary, especially not to hold it
// during database rrd* operations
memcpy(&per_sample, &aclk_metrics_per_sample, sizeof(struct aclk_metrics_per_sample));
memcpy(&permanent, &aclk_metrics, sizeof(struct aclk_metrics));
memset(&aclk_metrics_per_sample, 0, sizeof(struct aclk_metrics_per_sample));
memcpy(aclk_queries_per_thread_sample, aclk_queries_per_thread, sizeof(uint32_t) * query_thread_count);
memset(aclk_queries_per_thread, 0, sizeof(uint32_t) * query_thread_count);
Reported by FlawFinder.
Line: 285
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// to not hold lock longer than necessary, especially not to hold it
// during database rrd* operations
memcpy(&per_sample, &aclk_metrics_per_sample, sizeof(struct aclk_metrics_per_sample));
memcpy(&permanent, &aclk_metrics, sizeof(struct aclk_metrics));
memset(&aclk_metrics_per_sample, 0, sizeof(struct aclk_metrics_per_sample));
memcpy(aclk_queries_per_thread_sample, aclk_queries_per_thread, sizeof(uint32_t) * query_thread_count);
memset(aclk_queries_per_thread, 0, sizeof(uint32_t) * query_thread_count);
ACLK_STATS_UNLOCK;
Reported by FlawFinder.
Line: 288
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
memcpy(&permanent, &aclk_metrics, sizeof(struct aclk_metrics));
memset(&aclk_metrics_per_sample, 0, sizeof(struct aclk_metrics_per_sample));
memcpy(aclk_queries_per_thread_sample, aclk_queries_per_thread, sizeof(uint32_t) * query_thread_count);
memset(aclk_queries_per_thread, 0, sizeof(uint32_t) * query_thread_count);
ACLK_STATS_UNLOCK;
aclk_stats_collect(&per_sample, &permanent);
aclk_stats_query_queue(&per_sample);
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/urllib3/util/response.py
5 issues
Line: 3
Column: 1
# SPDX-License-Identifier: MIT
from __future__ import absolute_import
from ..packages.six.moves import http_client as httplib
from ..exceptions import HeaderParsingError
def is_fp_closed(obj):
"""
Reported by Pylint.
Line: 5
Column: 1
from __future__ import absolute_import
from ..packages.six.moves import http_client as httplib
from ..exceptions import HeaderParsingError
def is_fp_closed(obj):
"""
Checks whether a given file-like object is closed.
Reported by Pylint.
Line: 78
Column: 3
:param conn:
:type conn: :class:`httplib.HTTPResponse`
"""
# FIXME: Can we do this somehow without accessing private httplib _method?
method = response._method
if isinstance(method, int): # Platform-specific: Appengine
return method == 3
return method.upper() == 'HEAD'
Reported by Pylint.
Line: 79
Column: 14
:type conn: :class:`httplib.HTTPResponse`
"""
# FIXME: Can we do this somehow without accessing private httplib _method?
method = response._method
if isinstance(method, int): # Platform-specific: Appengine
return method == 3
return method.upper() == 'HEAD'
Reported by Pylint.
Line: 1
Column: 1
# SPDX-License-Identifier: MIT
from __future__ import absolute_import
from ..packages.six.moves import http_client as httplib
from ..exceptions import HeaderParsingError
def is_fp_closed(obj):
"""
Reported by Pylint.
collectors/ebpf.plugin/ebpf_vfs.c
4 issues
Line: 8
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#include "ebpf.h"
#include "ebpf_vfs.h"
static char *vfs_dimension_names[NETDATA_KEY_PUBLISH_VFS_END] = { "delete", "read", "write",
"fsync", "open", "create" };
static char *vfs_id_names[NETDATA_KEY_PUBLISH_VFS_END] = { "vfs_unlink", "vfs_read", "vfs_write",
"vfs_fsync", "vfs_open", "vfs_create"};
static netdata_idx_t *vfs_hash_values = NULL;
Reported by FlawFinder.
Line: 10
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static char *vfs_dimension_names[NETDATA_KEY_PUBLISH_VFS_END] = { "delete", "read", "write",
"fsync", "open", "create" };
static char *vfs_id_names[NETDATA_KEY_PUBLISH_VFS_END] = { "vfs_unlink", "vfs_read", "vfs_write",
"vfs_fsync", "vfs_open", "vfs_create"};
static netdata_idx_t *vfs_hash_values = NULL;
static netdata_syscall_stat_t vfs_aggregated_data[NETDATA_KEY_PUBLISH_VFS_END];
static netdata_publish_syscall_t vfs_publish_aggregated[NETDATA_KEY_PUBLISH_VFS_END];
Reported by FlawFinder.
Line: 454
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
vfs_pid[current_pid] = curr;
}
memcpy(curr, &publish[0], sizeof(netdata_publish_vfs_t));
}
/**
* Read the hash table and store data to allocated vectors.
*/
Reported by FlawFinder.
Line: 132
Column: 101
CWE codes:
120
20
}
write_io_chart(NETDATA_VFS_IO_FILE_BYTES, NETDATA_FILESYSTEM_FAMILY, vfs_id_names[NETDATA_KEY_PUBLISH_VFS_WRITE],
(long long)pvc.write, vfs_id_names[NETDATA_KEY_PUBLISH_VFS_READ], (long long)pvc.read);
write_count_chart(NETDATA_VFS_FSYNC, NETDATA_FILESYSTEM_FAMILY,
&vfs_publish_aggregated[NETDATA_KEY_PUBLISH_VFS_FSYNC], 1);
if (em->mode < MODE_ENTRY) {
Reported by FlawFinder.
libnetdata/inlined.h
4 issues
Line: 272
Column: 14
CWE codes:
362
static inline int read_file(const char *filename, char *buffer, size_t size) {
if(unlikely(!size)) return 3;
int fd = open(filename, O_RDONLY, 0666);
if(unlikely(fd == -1)) {
buffer[0] = '\0';
return 1;
}
Reported by FlawFinder.
Line: 291
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static inline int read_single_number_file(const char *filename, unsigned long long *result) {
char buffer[30 + 1];
int ret = read_file(filename, buffer, 30);
if(unlikely(ret)) {
*result = 0;
return ret;
Reported by FlawFinder.
Line: 305
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
static inline int read_single_signed_number_file(const char *filename, long long *result) {
char buffer[30 + 1];
int ret = read_file(filename, buffer, 30);
if(unlikely(ret)) {
*result = 0;
return ret;
Reported by FlawFinder.