The following issues were found

src/third_party/wiredtiger/test/py_install/testbase.py
8 issues
Unable to import 'wiredtiger'
Error

Line: 31 Column: 1

              
# A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)

            

Reported by Pylint.

Unable to import 'wiredtiger'
Error

Line: 32 Column: 1

              # A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)
conn = wiredtiger_open(wthome, "create")

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 31 Column: 1

              
# A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

standard import "import wiredtiger, shutil, os" should be placed before "import wiredtiger, shutil, os"
Error

Line: 31 Column: 1

              
# A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, shutil, os)
Error

Line: 31 Column: 1

              
# A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)

            

Reported by Pylint.

standard import "import wiredtiger, shutil, os" should be placed before "import wiredtiger, shutil, os"
Error

Line: 31 Column: 1

              
# A quick sanity test of an installation via 'pip install wiredtiger'.

import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)

            

Reported by Pylint.

Constant name "wthome" doesn't conform to UPPER_CASE naming style
Error

Line: 34 Column: 1

              import wiredtiger, shutil, os
from wiredtiger import wiredtiger_open, wiredtiger_version

wthome = "WTPY_TEST"
shutil.rmtree(wthome, ignore_errors=True)
os.mkdir(wthome)
conn = wiredtiger_open(wthome, "create")
session = conn.open_session()
session.create('table:foo', 'key_format=S,value_format=i')

            

Reported by Pylint.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/zipf_distribution_test.cc
8 issues
syntax error
Error

Line: 49

                                                uint8_t, uint16_t, uint32_t, uint64_t>;
TYPED_TEST_CASE(ZipfDistributionTypedTest, IntTypes);

TYPED_TEST(ZipfDistributionTypedTest, SerializeTest) {
  using param_type = typename absl::zipf_distribution<TypeParam>::param_type;

  constexpr int kCount = 1000;
  absl::InsecureBitGen gen;
  for (const auto& param : {

            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 106 Column: 29 CWE codes: 120

                    if (sample < sample_min) sample_min = sample;
    }
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("Range: ", +sample_min, ", ", +sample_max));
  }
}

class ZipfModel {
 public:

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 308 Column: 37 CWE codes: 120

                if (chi_square > threshold) {
    ABSL_INTERNAL_LOG(INFO, "values");
    for (size_t i = 0; i < expected.size(); i++) {
      ABSL_INTERNAL_LOG(INFO, absl::StrCat(points[i], ": ", buckets[i],
                                           " vs. E=", expected[i]));
    }
    ABSL_INTERNAL_LOG(INFO, absl::StrCat("trials ", trials));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("mean ", avg, " vs. expected ", mean()));

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 311 Column: 35 CWE codes: 120

                    ABSL_INTERNAL_LOG(INFO, absl::StrCat(points[i], ": ", buckets[i],
                                           " vs. E=", expected[i]));
    }
    ABSL_INTERNAL_LOG(INFO, absl::StrCat("trials ", trials));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("mean ", avg, " vs. expected ", mean()));
    ABSL_INTERNAL_LOG(INFO, absl::StrCat(kChiSquared, "(data, ", dof, ") = ",
                                         chi_square, " (", p_actual, ")"));
    ABSL_INTERNAL_LOG(INFO,

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 313 Column: 29 CWE codes: 120

                  }
    ABSL_INTERNAL_LOG(INFO, absl::StrCat("trials ", trials));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("mean ", avg, " vs. expected ", mean()));
    ABSL_INTERNAL_LOG(INFO, absl::StrCat(kChiSquared, "(data, ", dof, ") = ",
                                         chi_square, " (", p_actual, ")"));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat(kChiSquared, " @ 0.9995 = ", threshold));
    FAIL() << kChiSquared << " value of " << chi_square

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 314 Column: 35 CWE codes: 120

                  ABSL_INTERNAL_LOG(INFO, absl::StrCat("trials ", trials));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("mean ", avg, " vs. expected ", mean()));
    ABSL_INTERNAL_LOG(INFO, absl::StrCat(kChiSquared, "(data, ", dof, ") = ",
                                         chi_square, " (", p_actual, ")"));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat(kChiSquared, " @ 0.9995 = ", threshold));
    FAIL() << kChiSquared << " value of " << chi_square
           << " is above the threshold.";

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 317 Column: 29 CWE codes: 120

                  ABSL_INTERNAL_LOG(INFO, absl::StrCat(kChiSquared, "(data, ", dof, ") = ",
                                         chi_square, " (", p_actual, ")"));
    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat(kChiSquared, " @ 0.9995 = ", threshold));
    FAIL() << kChiSquared << " value of " << chi_square
           << " is above the threshold.";
  }
}


            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 345 Column: 28 CWE codes: 120

              std::string ParamName(
    const ::testing::TestParamInfo<zipf_u64::param_type>& info) {
  const auto& p = info.param;
  std::string name = absl::StrCat("k_", p.k(), "__q_", absl::SixDigits(p.q()),
                                  "__v_", absl::SixDigits(p.v()));
  return absl::StrReplaceAll(name, {{"+", "_"}, {"-", "_"}, {".", "_"}});
}

INSTANTIATE_TEST_SUITE_P(All, ZipfTest, ::testing::ValuesIn(GenParams()),

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/poisson_distribution_test.cc
8 issues
syntax error
Error

Line: 78

                                                uint8_t, uint16_t, uint32_t, uint64_t>;
TYPED_TEST_CASE(PoissonDistributionInterfaceTest, IntTypes);

TYPED_TEST(PoissonDistributionInterfaceTest, SerializeTest) {
  using param_type = typename absl::poisson_distribution<TypeParam>::param_type;
  const double kMax =
      std::min(1e10 /* assertion limit */,
               static_cast<double>(std::numeric_limits<TypeParam>::max()));


            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 137 Column: 35 CWE codes: 120

                    if (sample < sample_min) sample_min = sample;
    }

    ABSL_INTERNAL_LOG(INFO, absl::StrCat("Range {", param.mean(), "}: ",
                                         +sample_min, ", ", +sample_max));

    // Validate stream serialization.
    std::stringstream ss;
    ss << before;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 191 Column: 35 CWE codes: 120

                }

  void LogCDF() {
    ABSL_INTERNAL_LOG(INFO, absl::StrCat("CDF (mean = ", mean_, ")"));
    for (const auto c : cdf_) {
      ABSL_INTERNAL_LOG(INFO,
                        absl::StrCat(c.index, ": pmf=", c.pmf, " cdf=", c.cdf));
    }
  }

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 194 Column: 31 CWE codes: 120

                  ABSL_INTERNAL_LOG(INFO, absl::StrCat("CDF (mean = ", mean_, ")"));
    for (const auto c : cdf_) {
      ABSL_INTERNAL_LOG(INFO,
                        absl::StrCat(c.index, ": pmf=", c.pmf, " cdf=", c.cdf));
    }
  }

 private:
  const double mean_;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 342 Column: 28 CWE codes: 120

              
std::string ZParamName(const ::testing::TestParamInfo<ZParam>& info) {
  const auto& p = info.param;
  std::string name = absl::StrCat("mean_", absl::SixDigits(p.mean));
  return absl::StrReplaceAll(name, {{"+", "_"}, {"-", "_"}, {".", "_"}});
}

INSTANTIATE_TEST_SUITE_P(All, PoissonDistributionZTest,
                         ::testing::ValuesIn(GetZParams()), ZParamName);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 442 Column: 35 CWE codes: 120

                if (chi_square > threshold) {
    LogCDF();

    ABSL_INTERNAL_LOG(INFO, absl::StrCat("VALUES  buckets=", counts.size(),
                                         "  samples=", kSamples));
    for (size_t i = 0; i < counts.size(); i++) {
      ABSL_INTERNAL_LOG(
          INFO, absl::StrCat(cutoffs_[i], ": ", counts[i], " vs. E=", e[i]));
    }

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 446 Column: 23 CWE codes: 120

                                                       "  samples=", kSamples));
    for (size_t i = 0; i < counts.size(); i++) {
      ABSL_INTERNAL_LOG(
          INFO, absl::StrCat(cutoffs_[i], ": ", counts[i], " vs. E=", e[i]));
    }

    ABSL_INTERNAL_LOG(
        INFO,
        absl::StrCat(kChiSquared, "(data, dof=", dof, ") = ", chi_square, " (",

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 451 Column: 15 CWE codes: 120

              
    ABSL_INTERNAL_LOG(
        INFO,
        absl::StrCat(kChiSquared, "(data, dof=", dof, ") = ", chi_square, " (",
                     p, ")\n", " vs.\n", kChiSquared, " @ 0.98 = ", threshold));
  }
  return p;
}


            

Reported by FlawFinder.

src/third_party/wiredtiger/test/format/import.c
8 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 78 Column: 23 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

                  cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 64 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  size_t cmd_len;
    uint32_t import_value;
    u_int period;
    char buf[2048], *cmd;
    const char *file_config, *table_config;

    WT_UNUSED(arg);
    conn = g.wts_conn;
    file_config = table_config = NULL;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 218 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              copy_file_into_directory(WT_SESSION *session, const char *name)
{
    size_t buf_len;
    char to[64];

    buf_len = strlen(name) + 10;
    testutil_check(__wt_snprintf(to, buf_len, "../%s", name));
    testutil_check(__wt_copy_and_sync(session, name, to));
}

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 75 Column: 15 CWE codes: 126

                  /*
     * Create a new database, primarily used for testing import.
     */
    cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 75 Column: 36 CWE codes: 126

                  /*
     * Create a new database, primarily used for testing import.
     */
    cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 81 Column: 15 CWE codes: 126

                  testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));
    /* Open a connection to the database, creating it if necessary. */
    create_database(cmd, &import_conn);
    free(cmd);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 81 Column: 32 CWE codes: 126

                  testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));
    /* Open a connection to the database, creating it if necessary. */
    create_database(cmd, &import_conn);
    free(cmd);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 220 Column: 15 CWE codes: 126

                  size_t buf_len;
    char to[64];

    buf_len = strlen(name) + 10;
    testutil_check(__wt_snprintf(to, buf_len, "../%s", name));
    testutil_check(__wt_copy_and_sync(session, name, to));
}

            

Reported by FlawFinder.

src/third_party/wiredtiger/dist/db.py
8 issues
Missing module docstring
Error

Line: 1 Column: 1

              # A simple python script to build a file that can be bulk-loaded into a
# WiredTiger database for smoke-testing.

import getopt, random, sys

dmin = 7        # Minimum data size
dmax = 837      # Maximum data size

seed = None     # Random number seed

            

Reported by Pylint.

Multiple imports on one line (getopt, random, sys)
Error

Line: 4 Column: 1

              # A simple python script to build a file that can be bulk-loaded into a
# WiredTiger database for smoke-testing.

import getopt, random, sys

dmin = 7        # Minimum data size
dmax = 837      # Maximum data size

seed = None     # Random number seed

            

Reported by Pylint.

Constant name "dmin" doesn't conform to UPPER_CASE naming style
Error

Line: 6 Column: 1

              
import getopt, random, sys

dmin = 7        # Minimum data size
dmax = 837      # Maximum data size

seed = None     # Random number seed
pairs = 100000  # Key/data pairs to output


            

Reported by Pylint.

Constant name "dmax" doesn't conform to UPPER_CASE naming style
Error

Line: 7 Column: 1

              import getopt, random, sys

dmin = 7        # Minimum data size
dmax = 837      # Maximum data size

seed = None     # Random number seed
pairs = 100000  # Key/data pairs to output

opts, args = getopt.getopt(sys.argv[1:], "m:n:s:")

            

Reported by Pylint.

Constant name "seed" doesn't conform to UPPER_CASE naming style
Error

Line: 9 Column: 1

              dmin = 7        # Minimum data size
dmax = 837      # Maximum data size

seed = None     # Random number seed
pairs = 100000  # Key/data pairs to output

opts, args = getopt.getopt(sys.argv[1:], "m:n:s:")
for o, a in opts:
    if o == "-m":

            

Reported by Pylint.

Constant name "pairs" doesn't conform to UPPER_CASE naming style
Error

Line: 10 Column: 1

              dmax = 837      # Maximum data size

seed = None     # Random number seed
pairs = 100000  # Key/data pairs to output

opts, args = getopt.getopt(sys.argv[1:], "m:n:s:")
for o, a in opts:
    if o == "-m":
        dmax = int(a)

            

Reported by Pylint.

Constant name "fmt" doesn't conform to UPPER_CASE naming style
Error

Line: 23 Column: 5

              
random.seed(seed)
for i in range(pairs):
    fmt = "%010d\ndata: %0" + str(random.randrange(dmin, dmax)) + "d"
    print(fmt % (i, i))

            

Reported by Pylint.

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Security blacklist

Line: 23
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random

              
random.seed(seed)
for i in range(pairs):
    fmt = "%010d\ndata: %0" + str(random.randrange(dmin, dmax)) + "d"
    print(fmt % (i, i))

            

Reported by Bandit.

src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/marshalling.cc
8 issues
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 166 Column: 45 CWE codes: 120

              // AbslUnparseFlag specializations for various builtin flag types.

std::string Unparse(bool v) { return v ? "true" : "false"; }
std::string Unparse(short v) { return absl::StrCat(v); }
std::string Unparse(unsigned short v) { return absl::StrCat(v); }
std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 167 Column: 54 CWE codes: 120

              
std::string Unparse(bool v) { return v ? "true" : "false"; }
std::string Unparse(short v) { return absl::StrCat(v); }
std::string Unparse(unsigned short v) { return absl::StrCat(v); }
std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 168 Column: 43 CWE codes: 120

              std::string Unparse(bool v) { return v ? "true" : "false"; }
std::string Unparse(short v) { return absl::StrCat(v); }
std::string Unparse(unsigned short v) { return absl::StrCat(v); }
std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 169 Column: 52 CWE codes: 120

              std::string Unparse(short v) { return absl::StrCat(v); }
std::string Unparse(unsigned short v) { return absl::StrCat(v); }
std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }
template <typename T>

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 170 Column: 44 CWE codes: 120

              std::string Unparse(unsigned short v) { return absl::StrCat(v); }
std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }
template <typename T>
std::string UnparseFloatingPointVal(T v) {

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 171 Column: 53 CWE codes: 120

              std::string Unparse(int v) { return absl::StrCat(v); }
std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }
template <typename T>
std::string UnparseFloatingPointVal(T v) {
  // digits10 is guaranteed to roundtrip correctly in string -> value -> string

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 172 Column: 49 CWE codes: 120

              std::string Unparse(unsigned int v) { return absl::StrCat(v); }
std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }
template <typename T>
std::string UnparseFloatingPointVal(T v) {
  // digits10 is guaranteed to roundtrip correctly in string -> value -> string
  // conversions, but may not be enough to represent all the values correctly.

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 173 Column: 58 CWE codes: 120

              std::string Unparse(long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long v) { return absl::StrCat(v); }
std::string Unparse(long long v) { return absl::StrCat(v); }
std::string Unparse(unsigned long long v) { return absl::StrCat(v); }
template <typename T>
std::string UnparseFloatingPointVal(T v) {
  // digits10 is guaranteed to roundtrip correctly in string -> value -> string
  // conversions, but may not be enough to represent all the values correctly.
  std::string digit10_str =

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/container/btree_test.cc
8 issues
syntax error
Error

Line: 2232

              }

struct KeyCompareToWeakOrdering {
  template <typename T>
  absl::weak_ordering operator()(const T &a, const T &b) const {
    return a < b ? absl::weak_ordering::less
                 : a == b ? absl::weak_ordering::equivalent
                          : absl::weak_ordering::greater;
  }

            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 868 Column: 22 CWE codes: 120

                  return a < b;
  }
  bool operator()(const std::string &a, int b) const {
    return a < absl::StrCat(b);
  }
  bool operator()(int a, const std::string &b) const {
    return absl::StrCat(a) < b;
  }
  using is_transparent = void;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 871 Column: 18 CWE codes: 120

                  return a < absl::StrCat(b);
  }
  bool operator()(int a, const std::string &b) const {
    return absl::StrCat(a) < b;
  }
  using is_transparent = void;
};

struct NonTransparentCompare {

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 1036 Column: 32 CWE codes: 120

                using StringSet = absl::btree_set<StringLike>;
  StringSet s;
  for (int i = 0; i < 100; ++i) {
    ASSERT_TRUE(s.insert(absl::StrCat(i).c_str()).second);
  }
  StringLike::clear_constructor_call_count();
  s.find("50");
  ASSERT_EQ(1, StringLike::constructor_calls());


            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 2046 Column: 25 CWE codes: 120

                absl::btree_multimap<std::string, int> map;
  for (int i = 0; i < 100; ++i) {
    for (int j = 0; j < 100; ++j) {
      map.insert({absl::StrCat(i), j});
    }
  }

  for (int i = 0; i < 100; ++i) {
    const std::string key = absl::StrCat(i);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 2051 Column: 35 CWE codes: 120

                }

  for (int i = 0; i < 100; ++i) {
    const std::string key = absl::StrCat(i);
    auto node_handle = map.extract(key);
    EXPECT_EQ(node_handle.key(), key);
    EXPECT_EQ(node_handle.mapped(), 0) << i;
  }


            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 2058 Column: 35 CWE codes: 120

                }

  for (int i = 0; i < 100; ++i) {
    const std::string key = absl::StrCat(i);
    auto node_handle = map.extract(key);
    EXPECT_EQ(node_handle.key(), key);
    EXPECT_EQ(node_handle.mapped(), 1) << i;
  }
}

            

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 2244 Column: 52 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                template <typename T>
  absl::strong_ordering operator()(const T &a, const T &b) const {
    return a < b ? absl::strong_ordering::less
                 : a == b ? absl::strong_ordering::equal
                          : absl::strong_ordering::greater;
  }
};

TEST(Btree, UserProvidedKeyCompareToComparators) {

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/internal/flag.cc
8 issues
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 113 Column: 29 CWE codes: 120

                  if (!flag_impl_.RestoreState(*this)) return;

    ABSL_INTERNAL_LOG(INFO,
                      absl::StrCat("Restore saved value of ", flag_impl_.Name(),
                                   " to: ", flag_impl_.CurrentValue()));
  }

  // Flag and saved flag data.
  FlagImpl& flag_impl_;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 206 Column: 20 CWE codes: 120

              #endif

  ABSL_INTERNAL_LOG(
      FATAL, absl::StrCat("Flag '", Name(),
                          "' is defined as one type and declared as another"));
}

std::unique_ptr<void, DynValueDeleter> FlagImpl::MakeInitValue() const {
  void* res = nullptr;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 425 Column: 17 CWE codes: 120

                std::string parse_err;
  if (!flags_internal::Parse(op_, value, tentative_value.get(), &parse_err)) {
    absl::string_view err_sep = parse_err.empty() ? "" : "; ";
    err = absl::StrCat("Illegal value '", value, "' specified for flag '",
                       Name(), "'", err_sep, parse_err);
    return nullptr;
  }

  return tentative_value;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 477 Column: 38 CWE codes: 120

                  std::string ignored_error;
    std::string src_as_str = flags_internal::Unparse(op_, src);
    if (!flags_internal::Parse(op_, src_as_str, obj.get(), &ignored_error)) {
      ABSL_INTERNAL_LOG(ERROR, absl::StrCat("Attempt to set flag '", Name(),
                                            "' to invalid value ", src_as_str));
    }
  }

  StoreValue(src);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 562 Column: 15 CWE codes: 120

                if (!flags_internal::Parse(op_, v, dst.get(), &error)) {
    ABSL_INTERNAL_LOG(
        FATAL,
        absl::StrCat("Flag ", Name(), " (from ", Filename(),
                     "): string form of default value '", v,
                     "' could not be parsed; error=", error));
  }

  // We do not compare dst to def since parsing/unparsing may make

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 160 Column: 14 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      (*default_value_.gen_func)(buf.data());
      } else {
        assert(def_kind != FlagDefaultKind::kDynamicValue);
        std::memcpy(buf.data(), &default_value_, Sizeof(op_));
      }
      OneWordValue().store(absl::bit_cast<int64_t>(buf),
                           std::memory_order_release);
      break;
    }

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 235 Column: 12 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    break;
    case FlagValueStorageKind::kOneWordAtomic: {
      int64_t one_word_val = 0;
      std::memcpy(&one_word_val, src, Sizeof(op_));
      OneWordValue().store(one_word_val, std::memory_order_release);
      seq_lock_.IncrementModificationCount();
      break;
    }
    case FlagValueStorageKind::kSequenceLocked: {

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 444 Column: 12 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  case FlagValueStorageKind::kOneWordAtomic: {
      const int64_t one_word_val =
          OneWordValue().load(std::memory_order_acquire);
      std::memcpy(dst, &one_word_val, Sizeof(op_));
      break;
    }
    case FlagValueStorageKind::kSequenceLocked: {
      ReadSequenceLockedData(dst);
      break;

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/suite/test_empty_value.py
8 issues
Unable to import 'wiredtiger'
Error

Line: 32 Column: 1

              # test_empty_value.py
#       Smoke test empty row-store values.

from wiredtiger import stat
import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'

            

Reported by Pylint.

Unable to import 'wiredtiger'
Error

Line: 33 Column: 1

              #       Smoke test empty row-store values.

from wiredtiger import stat
import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'


            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 33 Column: 1

              #       Smoke test empty row-store values.

from wiredtiger import stat
import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'


            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 33 Column: 1

              #       Smoke test empty row-store values.

from wiredtiger import stat
import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'


            

Reported by Pylint.

Missing class docstring
Error

Line: 36 Column: 1

              import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'

    # Smoke test empty row-store values.
    def test_row_store_empty_values(self):
        nentries = 25000

            

Reported by Pylint.

Class name "test_row_store_empty_values" doesn't conform to PascalCase naming style
Error

Line: 36 Column: 1

              import wiredtiger, wttest

# Smoke test empty row-store values.
class test_row_store_empty_values(wttest.WiredTigerTestCase):
    conn_config = 'statistics=(all)'

    # Smoke test empty row-store values.
    def test_row_store_empty_values(self):
        nentries = 25000

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 40 Column: 5

                  conn_config = 'statistics=(all)'

    # Smoke test empty row-store values.
    def test_row_store_empty_values(self):
        nentries = 25000
        uri = 'file:test_empty_values'          # This is a btree layer test.

        # Create the object, open the cursor, insert some records with zero-length values.
        self.session.create(uri, 'key_format=S,value_format=u')

            

Reported by Pylint.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid64_minmax.c
8 issues
Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 222 CWE codes: 758

                if (exp_x > exp_y) {	// to simplify the loop below,

    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // if postitive, return whichever significand is larger 
    // (converse if negative)
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 237 CWE codes: 758

                  BID_RETURN (res);
  }
  // adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  // if postitive, return whichever significand is larger (converse if negative)
  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 406 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // now, sig_n_prime has: sig_x * 10^(exp_x-exp_y), this is 
    // the compensated signif.
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      // two numbers are equal, return minNum(x,y)

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 421 CWE codes: 758

                  BID_RETURN (res);
  }
  // exp_y must be greater than exp_x, thus adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = ((y & MASK_SIGN) == MASK_SIGN) ? y : x;
    // two numbers are equal, return either

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 615 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // if postitive, return whichever significand is larger 
    // (converse if negative)
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 629 CWE codes: 758

                  BID_RETURN (res);
  }
  // adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  // if postitive, return whichever significand is larger (converse if negative)
  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = y;

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 798 CWE codes: 758

                // if |exp_x - exp_y| < 15, it comes down to the compensated significand
  if (exp_x > exp_y) {	// to simplify the loop below,
    // otherwise adjust the x significand upwards
    __mul_64x64_to_128MACH (sig_n_prime, sig_x,
			    bid_mult_factor[exp_x - exp_y]);
    // now, sig_n_prime has: sig_x * 10^(exp_x-exp_y), 
    // this is the compensated signif.
    if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_y)) {
      // two numbers are equal, return maxNum(x,y)

            

Reported by Cppcheck.

Shifting 32-bit value by 32 bits is undefined behaviour
Error

Line: 813 CWE codes: 758

                  BID_RETURN (res);
  }
  // exp_y must be greater than exp_x, thus adjust the y significand upwards
  __mul_64x64_to_128MACH (sig_n_prime, sig_y,
			  bid_mult_factor[exp_y - exp_x]);

  if (sig_n_prime.w[1] == 0 && (sig_n_prime.w[0] == sig_x)) {
    res = ((y & MASK_SIGN) == MASK_SIGN) ? x : y;
    // two numbers are equal, return either

            

Reported by Cppcheck.