The following issues were found
libnetdata/config/appconfig.h
4 issues
Line: 195
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
extern void appconfig_unlock(struct config *root);
// Holds an instance name and a connector name in two fixed-size arrays of
// CONFIG_MAX_NAME + 1 bytes each. The declarations themselves write nothing;
// the CWE-119/120 risk sits in whatever code fills these fields, which has to
// cap every copy at CONFIG_MAX_NAME characters.
// NOTE(review): the extra byte is presumably reserved for the terminating NUL - confirm at the writers.
struct connector_instance {
char instance_name[CONFIG_MAX_NAME + 1];
char connector_name[CONFIG_MAX_NAME + 1];
};
typedef struct _connector_instance {
struct section *connector; // actual connector
Reported by FlawFinder.
Line: 196
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Holds an instance name and a connector name in two fixed-size arrays of
// CONFIG_MAX_NAME + 1 bytes each. The declarations themselves write nothing;
// the CWE-119/120 risk sits in whatever code fills these fields, which has to
// cap every copy at CONFIG_MAX_NAME characters.
// NOTE(review): the extra byte is presumably reserved for the terminating NUL - confirm at the writers.
struct connector_instance {
char instance_name[CONFIG_MAX_NAME + 1];
char connector_name[CONFIG_MAX_NAME + 1];
};
typedef struct _connector_instance {
struct section *connector; // actual connector
struct section *instance; // This instance
Reported by FlawFinder.
Line: 202
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Node of a singly linked list (see `next`) that pairs two section pointers
// with fixed-size copies of the instance and connector names.
// Both name arrays are CONFIG_MAX_NAME + 1 bytes, so code that fills them must
// limit each copy to CONFIG_MAX_NAME characters; the declarations alone are
// not an overflow.
// NOTE(review): identifiers that start with an underscore followed by an
// uppercase letter (_CONNECTOR_INSTANCE) are reserved for the implementation in C.
typedef struct _connector_instance {
struct section *connector; // actual connector
struct section *instance; // This instance
char instance_name[CONFIG_MAX_NAME + 1]; // bounded name storage, CONFIG_MAX_NAME + 1 bytes
char connector_name[CONFIG_MAX_NAME + 1]; // bounded name storage, CONFIG_MAX_NAME + 1 bytes
struct _connector_instance *next; // Next instance
} _CONNECTOR_INSTANCE;
extern _CONNECTOR_INSTANCE *add_connector_instance(struct section *connector, struct section *instance);
Reported by FlawFinder.
Line: 203
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct section *connector; // actual connector
struct section *instance; // This instance
char instance_name[CONFIG_MAX_NAME + 1];
char connector_name[CONFIG_MAX_NAME + 1];
struct _connector_instance *next; // Next instance
} _CONNECTOR_INSTANCE;
extern _CONNECTOR_INSTANCE *add_connector_instance(struct section *connector, struct section *instance);
Reported by FlawFinder.
aclk/aclk_rx_msgs.c
4 issues
Line: 50
Column: 25
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
size_t len = strlen(e->data.string);
data->payload = mallocz(len+1);
if (!url_decode_r(data->payload, e->data.string, len + 1))
strcpy(data->payload, e->data.string);
}
break;
}
break;
case JSON_NUMBER:
Reported by FlawFinder.
Line: 47
Column: 34
CWE codes:
126
}
if (!strcmp(e->name, "payload")) {
if (likely(e->data.string)) {
size_t len = strlen(e->data.string);
data->payload = mallocz(len+1);
if (!url_decode_r(data->payload, e->data.string, len + 1))
strcpy(data->payload, e->data.string);
}
break;
Reported by FlawFinder.
Line: 85
Column: 12
CWE codes:
126
char* ptr = strstr(payload, ACLK_V2_PAYLOAD_SEPARATOR);
if(!ptr)
return 1;
ptr += strlen(ACLK_V2_PAYLOAD_SEPARATOR);
*data = strdupz(ptr);
return 0;
}
static inline int aclk_v2_payload_get_query(const char *payload, char **query_url)
Reported by FlawFinder.
Line: 95
Column: 51
CWE codes:
126
const char *start, *end;
// TODO better check of URL
if(strncmp(payload, ACLK_CLOUD_REQ_V2_PREFIX, strlen(ACLK_CLOUD_REQ_V2_PREFIX))) {
errno = 0;
error("Only accepting requests that start with \"%s\" from CLOUD.", ACLK_CLOUD_REQ_V2_PREFIX);
return 1;
}
start = payload + 4;
Reported by FlawFinder.
health/health.c
4 issues
Line: 59
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @return a pointer to the user config directory
*/
inline char *health_user_config_dir(void) {
    // Default value: "<configured user config dir>/health.d".
    // The array is FILENAME_MAX + 1 bytes and the formatter is limited to
    // FILENAME_MAX (sizeof - 1), so the write stays inside the array as long as
    // snprintfz honours its size argument. A longer path would presumably be
    // truncated rather than rejected - confirm in snprintfz.
    char default_dir[FILENAME_MAX + 1];
    snprintfz(default_dir, sizeof(default_dir) - 1, "%s/health.d", netdata_configured_user_config_dir);

    // NOTE(review): default_dir is a stack local passed in as the default value;
    // confirm that config_get() returns storage owned by the configuration and
    // never this pointer, otherwise the caller receives a dangling pointer.
    char *configured_dir = config_get(CONFIG_SECTION_HEALTH, "health configuration directory", default_dir);
    return configured_dir;
}
/**
Reported by FlawFinder.
Line: 72
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
* @return a pointer to the stock config directory.
*/
inline char *health_stock_config_dir(void) {
    // Default value: "<configured stock config dir>/health.d".
    // The array is FILENAME_MAX + 1 bytes and the formatter is limited to
    // FILENAME_MAX (sizeof - 1), so the write stays inside the array as long as
    // snprintfz honours its size argument. A longer path would presumably be
    // truncated rather than rejected - confirm in snprintfz.
    char default_dir[FILENAME_MAX + 1];
    snprintfz(default_dir, sizeof(default_dir) - 1, "%s/health.d", netdata_configured_stock_config_dir);

    // NOTE(review): default_dir is a stack local passed in as the default value;
    // confirm that config_get() returns storage owned by the configuration and
    // never this pointer, otherwise the caller receives a dangling pointer.
    char *configured_dir = config_get(CONFIG_SECTION_HEALTH, "stock health configuration directory", default_dir);
    return configured_dir;
}
/**
Reported by FlawFinder.
Line: 83
Column: 16
CWE codes:
362
* Function used to initialize the silencer structure.
*/
static void health_silencers_init(void) {
FILE *fd = fopen(silencers_filename, "r");
if (fd) {
fseek(fd, 0 , SEEK_END);
off_t length = (off_t) ftell(fd);
fseek(fd, 0 , SEEK_SET);
Reported by FlawFinder.
Line: 303
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
goto done;
}
static char command_to_run[ALARM_EXEC_COMMAND_LENGTH + 1];
const char *exec = (ae->exec) ? ae->exec : host->health_default_exec;
const char *recipient = (ae->recipient) ? ae->recipient : host->health_default_recipient;
int n_warn=0, n_crit=0;
Reported by FlawFinder.
web/api/formatters/rrd2json.c
4 issues
Line: 90
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rrddim_foreach_read(rd1, st) {
RRDDIM *rd = mallocz(rd1->memsize);
memcpy(rd, rd1, rd1->memsize);
rd->id = strdupz(rd1->id);
rd->name = strdupz(rd1->name);
rd->state = mallocz(sizeof(*rd->state));
memcpy(rd->state, rd1->state, sizeof(*rd->state));
memcpy(&rd->state->collect_ops, &rd1->state->collect_ops, sizeof(struct rrddim_collect_ops));
Reported by FlawFinder.
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rd->id = strdupz(rd1->id);
rd->name = strdupz(rd1->name);
rd->state = mallocz(sizeof(*rd->state));
memcpy(rd->state, rd1->state, sizeof(*rd->state));
memcpy(&rd->state->collect_ops, &rd1->state->collect_ops, sizeof(struct rrddim_collect_ops));
memcpy(&rd->state->query_ops, &rd1->state->query_ops, sizeof(struct rrddim_query_ops));
rd->next = (*param_list)->rd;
(*param_list)->rd = rd;
}
Reported by FlawFinder.
Line: 95
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rd->name = strdupz(rd1->name);
rd->state = mallocz(sizeof(*rd->state));
memcpy(rd->state, rd1->state, sizeof(*rd->state));
memcpy(&rd->state->collect_ops, &rd1->state->collect_ops, sizeof(struct rrddim_collect_ops));
memcpy(&rd->state->query_ops, &rd1->state->query_ops, sizeof(struct rrddim_query_ops));
rd->next = (*param_list)->rd;
(*param_list)->rd = rd;
}
Reported by FlawFinder.
Line: 96
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
rd->state = mallocz(sizeof(*rd->state));
memcpy(rd->state, rd1->state, sizeof(*rd->state));
memcpy(&rd->state->collect_ops, &rd1->state->collect_ops, sizeof(struct rrddim_collect_ops));
memcpy(&rd->state->query_ops, &rd1->state->query_ops, sizeof(struct rrddim_query_ops));
rd->next = (*param_list)->rd;
(*param_list)->rd = rd;
}
rrdset_unlock(st);
Reported by FlawFinder.
web/api/exporters/shell/allmetrics_shell.c
4 issues
Line: 33
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RRDSET *st;
rrdset_foreach_read(st, host) {
calculated_number total = 0.0;
char chart[SHELL_ELEMENT_MAX + 1];
shell_name_copy(chart, st->name?st->name:st->id, SHELL_ELEMENT_MAX);
buffer_sprintf(wb, "\n# chart: %s (name: %s)\n", st->id, st->name);
if(rrdset_is_available_for_viewers(st)) {
rrdset_rdlock(st);
Reported by FlawFinder.
Line: 44
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
RRDDIM *rd;
rrddim_foreach_read(rd, st) {
if(rd->collections_counter && !rrddim_flag_check(rd, RRDDIM_FLAG_OBSOLETE)) {
char dimension[SHELL_ELEMENT_MAX + 1];
shell_name_copy(dimension, rd->name?rd->name:rd->id, SHELL_ELEMENT_MAX);
calculated_number n = rd->last_stored_value;
if(isnan(n) || isinf(n))
Reported by FlawFinder.
Line: 72
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
for(rc = host->alarms; rc ;rc = rc->next) {
if(!rc->rrdset) continue;
char chart[SHELL_ELEMENT_MAX + 1];
shell_name_copy(chart, rc->rrdset->name?rc->rrdset->name:rc->rrdset->id, SHELL_ELEMENT_MAX);
char alarm[SHELL_ELEMENT_MAX + 1];
shell_name_copy(alarm, rc->name, SHELL_ELEMENT_MAX);
Reported by FlawFinder.
Line: 75
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char chart[SHELL_ELEMENT_MAX + 1];
shell_name_copy(chart, rc->rrdset->name?rc->rrdset->name:rc->rrdset->id, SHELL_ELEMENT_MAX);
char alarm[SHELL_ELEMENT_MAX + 1];
shell_name_copy(alarm, rc->name, SHELL_ELEMENT_MAX);
calculated_number n = rc->value;
if(isnan(n) || isinf(n))
Reported by FlawFinder.
collectors/python.d.plugin/postfix/postfix.chart.py
4 issues
Line: 6
Column: 1
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.ExecutableService import ExecutableService
POSTQUEUE_COMMAND = 'postqueue -p'
ORDER = [
'qemails',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: postfix netdata python.d module
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.ExecutableService import ExecutableService
POSTQUEUE_COMMAND = 'postqueue -p'
Reported by Pylint.
Line: 31
Column: 1
}
class Service(ExecutableService):
def __init__(self, configuration=None, name=None):
ExecutableService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.command = POSTQUEUE_COMMAND
Reported by Pylint.
Line: 31
Column: 1
}
class Service(ExecutableService):
def __init__(self, configuration=None, name=None):
ExecutableService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.command = POSTQUEUE_COMMAND
Reported by Pylint.
backends/graphite/graphite.c
4 issues
Line: 24
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)after;
(void)before;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
buffer_sprintf(
Reported by FlawFinder.
Line: 25
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)before;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
buffer_sprintf(
b
Reported by FlawFinder.
Line: 58
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
) {
(void)host;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
time_t first_t = after, last_t = before;
Reported by FlawFinder.
Line: 59
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
(void)host;
char chart_name[RRD_ID_LENGTH_MAX + 1];
char dimension_name[RRD_ID_LENGTH_MAX + 1];
backend_name_copy(chart_name, (backend_options & BACKEND_OPTION_SEND_NAMES && st->name)?st->name:st->id, RRD_ID_LENGTH_MAX);
backend_name_copy(dimension_name, (backend_options & BACKEND_OPTION_SEND_NAMES && rd->name)?rd->name:rd->id, RRD_ID_LENGTH_MAX);
time_t first_t = after, last_t = before;
calculated_number value = backend_calculate_value_from_stored_data(st, rd, after, before, backend_options, &first_t, &last_t);
Reported by FlawFinder.
collectors/python.d.plugin/nginx/nginx.chart.py
4 issues
Line: 6
Column: 1
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.UrlService import UrlService
ORDER = [
'connections',
'requests',
'connection_status',
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: nginx netdata python.d module
# Author: Pawel Krupa (paulfantom)
# SPDX-License-Identifier: GPL-3.0-or-later
from bases.FrameworkServices.UrlService import UrlService
ORDER = [
'connections',
Reported by Pylint.
Line: 49
Column: 1
}
class Service(UrlService):
def __init__(self, configuration=None, name=None):
UrlService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.url = self.configuration.get('url', 'http://localhost/stub_status')
Reported by Pylint.
Line: 49
Column: 1
}
class Service(UrlService):
def __init__(self, configuration=None, name=None):
UrlService.__init__(self, configuration=configuration, name=name)
self.order = ORDER
self.definitions = CHARTS
self.url = self.configuration.get('url', 'http://localhost/stub_status')
Reported by Pylint.
collectors/python.d.plugin/python_modules/bases/loaders.py
4 issues
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description:
# Author: Ilya Mashchenko (ilyam8)
# SPDX-License-Identifier: GPL-3.0-or-later
from sys import version_info
PY_VERSION = version_info[:2]
Reported by Pylint.
Line: 29
Column: 1
DEFAULT_MAPPING_TAG = 'tag:yaml.org,2002:map' if PY_VERSION > (3, 1) else u'tag:yaml.org,2002:map'
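def dict_constructor(loader, node):
    """Build an ``OrderedDict`` from the key/value pairs of a node.

    The listing had lost its indentation, which made the function body
    invalid Python; the block structure is restored here.

    :param loader: loader object; only its ``construct_pairs(node)`` method is used.
    :param node: the node handed to the constructor by the loader.
    :return: ``OrderedDict`` holding the pairs in the order ``construct_pairs`` returns them.
    """
    return OrderedDict(loader.construct_pairs(node))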
YamlSafeLoader.add_constructor(DEFAULT_MAPPING_TAG, dict_constructor)
Reported by Pylint.
Line: 36
Column: 1
YamlSafeLoader.add_constructor(DEFAULT_MAPPING_TAG, dict_constructor)
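def load_yaml(stream):
    """Parse a single YAML document from ``stream`` using ``YamlSafeLoader``.

    The listing had lost its indentation, which made the ``try``/``finally``
    invalid Python; the block structure is restored here.

    The loader is disposed in the ``finally`` clause, so it is released on
    success and when parsing raises; parse errors are not caught here.

    NOTE(review): ``YamlSafeLoader`` is presumably bound to a safe YAML loader
    that builds only plain data types - confirm at its definition, because
    this is what keeps configuration files from constructing arbitrary objects.

    :param stream: the YAML input passed straight to ``YamlSafeLoader``.
    :return: whatever ``loader.get_single_data()`` returns for the document.
    """
    loader = YamlSafeLoader(stream)
    try:
        return loader.get_single_data()
    finally:
        loader.dispose()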
Reported by Pylint.
Line: 44
Column: 1
loader.dispose()
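def load_config(file_name):
    """Open ``file_name`` for reading in text mode and return what ``load_yaml`` parses from it.

    The listing had lost its indentation, which made the ``with`` block
    invalid Python; the block structure is restored here.

    The file is closed by the ``with`` block. Errors from ``open`` and from
    ``load_yaml`` are not caught here and propagate to the caller.

    :param file_name: path of the configuration file to read.
    :return: the value returned by ``load_yaml`` for the opened stream.
    """
    with open(file_name, 'r') as stream:
        return load_yaml(stream)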
Reported by Pylint.
collectors/python.d.plugin/w1sensor/w1sensor.chart.py
4 issues
Line: 9
Column: 1
import os
import re
from bases.FrameworkServices.SimpleService import SimpleService
# default module values (can be overridden per job in `config`)
update_every = 5
# Location where 1-Wire devices can be found
Reported by Pylint.
Line: 1
Column: 1
# -*- coding: utf-8 -*-
# Description: 1-wire temperature monitor netdata python.d module
# Author: Diomidis Spinellis <http://www.spinellis.gr>
# SPDX-License-Identifier: GPL-3.0-or-later
import os
import re
from bases.FrameworkServices.SimpleService import SimpleService
Reported by Pylint.
Line: 12
Column: 1
from bases.FrameworkServices.SimpleService import SimpleService
# default module values (can be overridden per job in `config`)
update_every = 5
# Location where 1-Wire devices can be found
W1_DIR = '/sys/bus/w1/devices/'
# Lines matching the following regular expression contain a temperature value
Reported by Pylint.
Line: 26
Column: 1
CHARTS = {
'temp': {
'options': [None, '1-Wire Temperature Sensor', 'Celsius', 'Temperature', 'w1sensor.temp', 'line'],
'lines': []
}
}
# Known and supported family members
Reported by Pylint.