The following issues were found

shell/common/platform_util_linux.cc
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 239 Column: 14 CWE codes: 362

              
void Beep() {
  // echo '\a' > /dev/console
  FILE* fp = fopen("/dev/console", "a");
  if (fp == nullptr) {
    fp = fopen("/dev/tty", "a");
  }
  if (fp != nullptr) {
    fprintf(fp, "\a");

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 241 Column: 10 CWE codes: 362

  // echo '\a' > /dev/console
  FILE* fp = fopen("/dev/console", "a");
  if (fp == nullptr) {
    fp = fopen("/dev/tty", "a");
  }
  if (fp != nullptr) {
    fprintf(fp, "\a");
    fclose(fp);
  }

            

Reported by FlawFinder.

build/fake_v8_context_snapshot_generator.py
2 issues
Missing module docstring
Error

Line: 1 Column: 1

import os
import shutil
import sys

if os.path.exists(sys.argv[2]):
  os.remove(sys.argv[2])

shutil.copy(sys.argv[1], sys.argv[2])

            

Reported by Pylint.

Bad indentation. Found 2 spaces, expected 4
Style

Line: 6 Column: 1

import sys

if os.path.exists(sys.argv[2]):
  os.remove(sys.argv[2])

shutil.copy(sys.argv[1], sys.argv[2])

            

Reported by Pylint.

spec-main/fixtures/native-addon/uv-dlopen/main.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 13 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

  status = napi_get_cb_info(env, info, &argc, &argv, NULL, NULL);
  if (status != napi_ok) napi_fatal_error(NULL, 0, NULL, 0);

  char lib_path[256];
  status = napi_get_value_string_utf8(env, argv, lib_path, 256, NULL);
  if (status != napi_ok) napi_fatal_error(NULL, 0, NULL, 0);

  uv_lib_t lib;
  auto uv_status = uv_dlopen(lib_path, &lib);

            

Reported by FlawFinder.

shell/app/electron_main.cc
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 80 Column: 21 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

  getenv_s(&required_size, nullptr, 0, name);
  return required_size != 0;
#else
  char* indicator = getenv(name);
  return indicator && indicator[0] != '\0';
#endif
}

#if defined(OS_POSIX)

            

Reported by FlawFinder.

shell/browser/browser_linux.cc
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 38 Column: 17 CWE codes: 362

              
bool LaunchXdgUtility(const std::vector<std::string>& argv, int* exit_code) {
  *exit_code = EXIT_FAILURE;
  int devnull = open("/dev/null", O_RDONLY);
  if (devnull < 0)
    return false;

  base::LaunchOptions options;
  options.fds_to_remap.emplace_back(devnull, STDIN_FILENO);

            

Reported by FlawFinder.

shell/browser/electron_browser_main_parts_posix.cc
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 137 Column: 9 CWE codes: 120 20

  size_t bytes_read = 0;
  do {
    const ssize_t ret = HANDLE_EINTR(
        read(shutdown_fd_, reinterpret_cast<char*>(&signal) + bytes_read,
             sizeof(signal) - bytes_read));
    if (ret < 0) {
      NOTREACHED() << "Unexpected error: " << strerror(errno);
      ShutdownFDReadError();
      break;

            

Reported by FlawFinder.

shell/browser/javascript_environment.cc
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 298 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                                const char* name,
                                uint64_t handle) override {
    base::trace_event::TraceEventHandle traceEventHandle;
    memcpy(&traceEventHandle, &handle, sizeof(handle));
    TRACE_EVENT_API_UPDATE_TRACE_EVENT_DURATION(category_enabled_flag, name,
                                                traceEventHandle);
  }
  void AddTraceStateObserver(TraceStateObserver* observer) override {
    g_trace_state_dispatcher.Get().AddObserver(observer);

            

Reported by FlawFinder.

shell/browser/linux/unity_service.cc
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 94 Column: 30 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

      reinterpret_cast<unity_launcher_entry_get_for_desktop_id_func>(
          dlsym(unity_lib, "unity_launcher_entry_get_for_desktop_id"));
  if (entry_get_for_desktop_id) {
    std::string desktop_id = getenv("CHROME_DESKTOP");
    chrome_entry = entry_get_for_desktop_id(desktop_id.c_str());

    entry_set_count = reinterpret_cast<unity_launcher_entry_set_count_func>(
        dlsym(unity_lib, "unity_launcher_entry_set_count"));


            

Reported by FlawFinder.

shell/browser/notifications/linux/libnotify_notification.cc
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 43 Column: 7 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

}

bool NotifierSupportsActions() {
  if (getenv("ELECTRON_USE_UBUNTU_NOTIFIER"))
    return false;

  return HasCapability("actions");
}


            

Reported by FlawFinder.

shell/browser/relauncher.cc
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 130 Column: 34 CWE codes: 120 20

              
  // Synchronize with the relauncher process.
  char read_char;
  int read_result = HANDLE_EINTR(read(pipe_read_fd.get(), &read_char, 1));
  if (read_result != 1) {
    if (read_result < 0) {
      PLOG(ERROR) << "read";
    } else {
      LOG(ERROR) << "read: unexpected result " << read_result;

            

Reported by FlawFinder.