The following issues were found
database/rrdlabels.c
4 issues
Line: 91
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (result != NULL) {
char *c = (char *)result;
c += sizeof(struct label);
strcpy(c, key);
result->key = c;
c += key_len + 1;
strcpy(c, value);
result->value = c;
result->label_source = label_source;
Reported by FlawFinder.
Line: 94
Column: 9
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
strcpy(c, key);
result->key = c;
c += key_len + 1;
strcpy(c, value);
result->value = c;
result->label_source = label_source;
result->key_hash = simple_hash(result->key);
}
return result;
Reported by FlawFinder.
Line: 85
Column: 22
CWE codes:
126
struct label *create_label(char *key, char *value, LABEL_SOURCE label_source)
{
size_t key_len = strlen(key), value_len = strlen(value);
size_t n = sizeof(struct label) + key_len + 1 + value_len + 1;
struct label *result = callocz(1,n);
if (result != NULL) {
char *c = (char *)result;
c += sizeof(struct label);
Reported by FlawFinder.
Line: 85
Column: 47
CWE codes:
126
struct label *create_label(char *key, char *value, LABEL_SOURCE label_source)
{
size_t key_len = strlen(key), value_len = strlen(value);
size_t n = sizeof(struct label) + key_len + 1 + value_len + 1;
struct label *result = callocz(1,n);
if (result != NULL) {
char *c = (char *)result;
c += sizeof(struct label);
Reported by FlawFinder.
collectors/freebsd.plugin/freebsd_devstat.c
4 issues
Line: 285
Column: 25
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
collected_number busy_time_ms;
} cur_dstat;
sprintf(disk, "%s%d", dstat[i].device_name, dstat[i].unit_number);
struct disk *dm = get_disk(disk);
dm->updated = 1;
disks_found++;
Reported by FlawFinder.
Line: 276
Column: 25
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (((dstat[i].device_type & DEVSTAT_TYPE_MASK) == DEVSTAT_TYPE_DIRECT) ||
((dstat[i].device_type & DEVSTAT_TYPE_MASK) == DEVSTAT_TYPE_STORARRAY)) {
char disk[DEVSTAT_NAME_LEN + MAX_INT_DIGITS + 1];
struct cur_dstat {
collected_number duration_read_ms;
collected_number duration_write_ms;
collected_number duration_other_ms;
collected_number duration_free_ms;
Reported by FlawFinder.
Line: 292
Column: 29
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
disks_found++;
if(unlikely(!dm->configured)) {
char var_name[4096 + 1];
// this is the first time we see this disk
// remember we configured it
dm->configured = 1;
Reported by FlawFinder.
Line: 168
Column: 15
CWE codes:
126
dm = callocz(1, sizeof(struct disk));
dm->name = strdupz(name);
dm->hash = simple_hash(dm->name);
dm->len = strlen(dm->name);
disks_added++;
// link it to the end
if (disks_root) {
struct disk *e;
Reported by FlawFinder.
web/api/formatters/rrdset2json.c
3 issues
Line: 7
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void chart_labels2json(RRDSET *st, BUFFER *wb, size_t indentation)
{
char tabs[11];
struct label_index *labels = &st->state->labels;
if (indentation > 10)
indentation = 10;
Reported by FlawFinder.
Line: 25
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if(count > 0) buffer_strcat(wb, ",\n");
buffer_strcat(wb, tabs);
char value[CONFIG_MAX_VALUE * 2 + 1];
sanitize_json_string(value, label->value, CONFIG_MAX_VALUE * 2);
buffer_sprintf(wb, "\"%s\": \"%s\"", label->key, value);
count++;
}
Reported by FlawFinder.
Line: 15
Column: 9
CWE codes:
120
Suggestion:
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused)
tabs[0] = '\0';
while (indentation) {
strcat(tabs, "\t");
indentation--;
}
int count = 0;
netdata_rwlock_rdlock(&labels->labels_rwlock);
Reported by FlawFinder.
collectors/python.d.plugin/python_modules/urllib3/packages/backports/makefile.py
3 issues
Line: 15
Column: 1
from socket import SocketIO
def backport_makefile(self, mode="r", buffering=None, encoding=None,
errors=None, newline=None):
"""
Backport of ``socket.makefile`` from Python 3.5.
"""
if not set(mode) <= set(["r", "w", "b"]):
Reported by Pylint.
Line: 26
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
)
writing = "w" in mode
reading = "r" in mode or not writing
assert reading or writing
binary = "b" in mode
rawmode = ""
if reading:
rawmode += "r"
if writing:
Reported by Bandit.
Line: 48
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
elif reading:
buffer = io.BufferedReader(raw, buffering)
else:
assert writing
buffer = io.BufferedWriter(raw, buffering)
if binary:
return buffer
text = io.TextIOWrapper(buffer, encoding, errors, newline)
text.mode = mode
Reported by Bandit.
aclk/legacy/mqtt.c
3 issues
Line: 294
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int _link_set_lwt(char *sub_topic, int qos)
{
int rc;
char topic[ACLK_MAX_TOPIC + 1];
char *final_topic;
final_topic = get_topic(sub_topic, topic, ACLK_MAX_TOPIC);
if (unlikely(!final_topic)) {
errno = 0;
Reported by FlawFinder.
Line: 353
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
rc = mosquitto_publish(mosq, mid, topic, len, message, ACLK_QOS, 0);
#ifdef NETDATA_INTERNAL_CHECKS
char msg_head[64];
memset(msg_head, 0, sizeof(msg_head));
strncpy(msg_head, (char*)message, 60);
for (size_t i = 0; i < sizeof(msg_head); i++)
if(msg_head[i] == '\n') msg_head[i] = ' ';
info("Sending MQTT len=%d mid=%d wq=%zu (%zu-bytes) readq=%zu: %s", (int)len,
Reported by FlawFinder.
Line: 355
Column: 5
CWE codes:
120
#ifdef NETDATA_INTERNAL_CHECKS
char msg_head[64];
memset(msg_head, 0, sizeof(msg_head));
strncpy(msg_head, (char*)message, 60);
for (size_t i = 0; i < sizeof(msg_head); i++)
if(msg_head[i] == '\n') msg_head[i] = ' ';
info("Sending MQTT len=%d mid=%d wq=%zu (%zu-bytes) readq=%zu: %s", (int)len,
*mid, write_q, write_q_bytes, read_q, msg_head);
now_realtime_timeval(&sendTimes[ *mid & 0x3ff ]);
Reported by FlawFinder.
daemon/signals.c
3 issues
Line: 46
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
signals_waiting[i].count++;
if(signals_waiting[i].action == NETDATA_SIGNAL_FATAL) {
char buffer[200 + 1];
snprintfz(buffer, 200, "\nSIGNAL HANDLER: received: %s. Oops! This is bad!\n", signals_waiting[i].name);
if(write(STDERR_FILENO, buffer, strlen(buffer)) == -1) {
// nothing to do - we cannot write but there is no way to complain about it
;
}
Reported by FlawFinder.
Line: 48
Column: 49
CWE codes:
126
if(signals_waiting[i].action == NETDATA_SIGNAL_FATAL) {
char buffer[200 + 1];
snprintfz(buffer, 200, "\nSIGNAL HANDLER: received: %s. Oops! This is bad!\n", signals_waiting[i].name);
if(write(STDERR_FILENO, buffer, strlen(buffer)) == -1) {
// nothing to do - we cannot write but there is no way to complain about it
;
}
}
Reported by FlawFinder.
Line: 204
Column: 13
CWE codes:
676
Suggestion:
Use nanosleep(2) or setitimer(2) instead
} else if (myp_reap(i.si_pid) == 0) {
// myp managed, sleep for a short time to avoid busy wait while
// this is handled by myp.
usleep(10000);
} else {
// Unknown process, likely a re-parented child, reap it.
reap_child(i.si_pid);
}
}
Reported by FlawFinder.
libnetdata/url/url.c
3 issues
Line: 25
Column: 26
CWE codes:
126
char *url_encode(char *str) {
char *buf, *pbuf;
pbuf = buf = mallocz(strlen(str) * 3 + 1);
while (*str) {
if (isalnum(*str) || *str == '-' || *str == '_' || *str == '.' || *str == '~')
*pbuf++ = *str;
Reported by FlawFinder.
Line: 367
Column: 22
CWE codes:
126
save = *end;
*end = 0x00;
} else {
length = strlen(begin);
end = NULL;
}
length++;
if (length > (max - copied)) {
Reported by FlawFinder.
Line: 380
Column: 18
CWE codes:
126
if(!url_decode_r(output, begin, length)) {
return -1;
}
length = strlen(output);
copied += length;
output += length;
begin = end;
if (begin) {
Reported by FlawFinder.
aclk/legacy/aclk_lws_wss_client.c
3 issues
Line: 75
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct lws_wss_packet_buffer *new = callocz(1, sizeof(struct lws_wss_packet_buffer));
if (data) {
new->data = mallocz(LWS_PRE + size);
memcpy(new->data + LWS_PRE, data, size);
new->data_size = size;
new->written = 0;
}
return new;
}
Reported by FlawFinder.
Line: 221
Column: 14
CWE codes:
126
if (!proxy)
return -1;
proxy += strlen(ACLK_PROXY_PROTO_ADDR_SEPARATOR);
if (!*proxy)
return -1;
return lws_set_socks(vhost, proxy);
Reported by FlawFinder.
Line: 436
Column: 13
CWE codes:
126
char *upstream_connection_error = "MQTT protocol error. Closing underlying wss connection.";
lws_close_reason(
wsi, LWS_CLOSE_STATUS_PROTOCOL_ERR, (unsigned char *)upstream_connection_error,
strlen(upstream_connection_error));
retval = -1;
engine_instance->upstream_reconnect_request = 0;
}
// Don't log to info - volume is proportional to message flow on ACLK.
Reported by FlawFinder.
collectors/macos.plugin/macos_fw.c
3 issues
Line: 48
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
collected_number total_disk_reads = 0;
collected_number total_disk_writes = 0;
struct diskstat {
char name[MAXDRIVENAME];
collected_number bytes_read;
collected_number bytes_write;
collected_number reads;
collected_number writes;
collected_number time_read;
Reported by FlawFinder.
Line: 76
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// NEEDED BY: do_space, do_inodes
struct statfs *mntbuf;
int mntsize, i;
char mntonname[MNAMELEN + 1];
char title[4096 + 1];
// NEEDED BY: do_bandwidth
struct ifaddrs *ifa, *ifap;
Reported by FlawFinder.
Line: 77
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct statfs *mntbuf;
int mntsize, i;
char mntonname[MNAMELEN + 1];
char title[4096 + 1];
// NEEDED BY: do_bandwidth
struct ifaddrs *ifa, *ifap;
/* Get ports and services for drive statistics. */
Reported by FlawFinder.
libnetdata/threads/threads.c
3 issues
Line: 121
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (nt->tag) {
int ret = 0;
char threadname[NETDATA_THREAD_NAME_MAX+1];
strncpyz(threadname, nt->tag, NETDATA_THREAD_NAME_MAX);
#if defined(__FreeBSD__)
pthread_set_name_np(pthread_self(), threadname);
#elif defined(__APPLE__)
Reported by FlawFinder.
Line: 143
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
void uv_thread_set_name_np(uv_thread_t ut, const char* name) {
int ret = 0;
char threadname[NETDATA_THREAD_NAME_MAX+1];
strncpyz(threadname, name, NETDATA_THREAD_NAME_MAX);
#if defined(__FreeBSD__)
pthread_set_name_np(ut, threadname);
#elif defined(__APPLE__)
Reported by FlawFinder.
Line: 158
Column: 36
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
info("cannot set libuv thread name to %s. Err: %d", threadname, ret);
}
void os_thread_get_current_name_np(char threadname[NETDATA_THREAD_NAME_MAX + 1])
{
threadname[0] = '\0';
#if defined(__FreeBSD__)
pthread_get_name_np(pthread_self(), threadname, NETDATA_THREAD_NAME_MAX + 1);
#elif defined(HAVE_PTHREAD_GETNAME_NP) /* Linux & macOS */
Reported by FlawFinder.