The following issues were found

src/third_party/mozjs-60/extract/js/src/jit/shared/Assembler-shared.h
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1006 Column: 36 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  void append(wasm::CallFarJump jmp) {
        enoughMemory_ &= callFarJumps_.append(jmp);
    }
    void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1007 Column: 49 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      enoughMemory_ &= callFarJumps_.append(jmp);
    }
    void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1009 Column: 47 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  void append(wasm::MemoryAccess access) {
        enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1010 Column: 13 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      enoughMemory_ &= memoryAccesses_.append(access);
    }
    void append(const wasm::MemoryAccessDesc& access, size_t codeOffset, size_t framePushed) {
        if (access.hasTrap()) {
            // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,
                                   wasm::OldTrapSite::MemoryAccess);

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1014 Column: 36 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                          // If a memory access is trapping (wasm, SIMD.js, Atomics), create a
            // OldTrapSite now which will generate a trap out-of-line path at the end
            // of the function which will *then* append a MemoryAccess.
            wasm::OldTrapDesc trap(access.trapOffset(), wasm::Trap::OutOfBounds, framePushed,
                                   wasm::OldTrapSite::MemoryAccess);
            append(wasm::OldTrapSite(trap, codeOffset));
        } else {
            // Otherwise, this is a plain asm.js access. On WASM_HUGE_MEMORY
            // platforms, asm.js uses signal handlers to remove bounds checks

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1021 Column: 24 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                          // Otherwise, this is a plain asm.js access. On WASM_HUGE_MEMORY
            // platforms, asm.js uses signal handlers to remove bounds checks
            // and thus requires a MemoryAccess.
            MOZ_ASSERT(access.isPlainAsmJS());
#ifdef WASM_HUGE_MEMORY
            append(wasm::MemoryAccess(codeOffset));
#endif
        }
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1027 Column: 38 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              #endif
        }
    }
    void append(wasm::SymbolicAccess access) {
        enoughMemory_ &= symbolicAccesses_.append(access);
    }

    wasm::CallSiteVector& callSites() { return callSites_; }
    wasm::CallSiteTargetVector& callSiteTargets() { return callSiteTargets_; }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1028 Column: 51 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      }
    }
    void append(wasm::SymbolicAccess access) {
        enoughMemory_ &= symbolicAccesses_.append(access);
    }

    wasm::CallSiteVector& callSites() { return callSites_; }
    wasm::CallSiteTargetVector& callSiteTargets() { return callSiteTargets_; }
    wasm::TrapSiteVectorArray& trapSites() { return trapSites_; }

            

Reported by FlawFinder.

site_scons/site_tools/jsheader.py
8 issues
Unable to import 'SCons.Script'
Error

Line: 23 Column: 1

              # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,

            

Reported by Pylint.

Unused argument 'kw'
Error

Line: 34 Column: 1

                  )


def generate(env, **kw):
    env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 38 Column: 12

                  env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              # Copyright 2020 MongoDB Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 26 Column: 1

              from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,
        source=["#site_scons/site_tools/jstoh.py"] + source,
        action=Action("$PYTHON ${SOURCES[0]} $TARGET ${SOURCES[1:]}"),
    )

            

Reported by Pylint.

Function name "jsToH" doesn't conform to snake_case naming style
Error

Line: 26 Column: 1

              from SCons.Script import Action


def jsToH(env, target, source):
    return env.Command(
        target=target,
        source=["#site_scons/site_tools/jstoh.py"] + source,
        action=Action("$PYTHON ${SOURCES[0]} $TARGET ${SOURCES[1:]}"),
    )

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 34 Column: 1

                  )


def generate(env, **kw):
    env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 38 Column: 1

                  env.AddMethod(jsToH, "JSHeader")


def exists(env):
    return True

            

Reported by Pylint.

src/mongo/util/shell_exec.cpp
8 issues
popen - This causes a new program to execute and is difficult to use safely
Security

Line: 209 Column: 17 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              class ProcessStream {
public:
    ProcessStream(const std::string& cmd) {
        _fp = ::popen(cmd.c_str(), "r");
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Unable to launch command: " << errnoWithDescription(),
                _fp);
        _fd = fileno(_fp);
    }

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 157 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                          return;
        }

        char buf[kExecBufferSizeBytes];
        DWORD read = 0;
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Failed reading from subprocess: " << errnoWithDescription(),
                ReadFile(_stdout, buf, std::min<size_t>(sizeof(buf), len), &read, nullptr));


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 246 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  }

    void read(StringBuilder& sb, size_t len) {
        char buf[kExecBufferSizeBytes];
        len = fread(buf, 1, std::min<size_t>(sizeof(buf), len), _fp);
        sb << StringData(buf, len);
    }

    ~ProcessStream() {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 151 Column: 10 CWE codes: 120 20

                      }
    }

    void read(StringBuilder& sb, size_t len) {
        constexpr DWORD kPipeReadyTimeoutMS = 10;
        if (!_stdout || (WAIT_OBJECT_0 != WaitForSingleObject(_stdout, kPipeReadyTimeoutMS))) {
            return;
        }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 161 Column: 77 CWE codes: 120 20

                      DWORD read = 0;
        uassert(ErrorCodes::OperationFailed,
                str::stream() << "Failed reading from subprocess: " << errnoWithDescription(),
                ReadFile(_stdout, buf, std::min<size_t>(sizeof(buf), len), &read, nullptr));

        if (read == 0) {
            CloseHandle(_stdout);
            _stdout = nullptr;
        } else {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 167 Column: 35 CWE codes: 120 20

                          CloseHandle(_stdout);
            _stdout = nullptr;
        } else {
            sb << StringData(buf, read);
        }
    }

    ~ProcessStream() {
        if (_startup.hStdInput) {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 245 Column: 10 CWE codes: 120 20

                      }
    }

    void read(StringBuilder& sb, size_t len) {
        char buf[kExecBufferSizeBytes];
        len = fread(buf, 1, std::min<size_t>(sizeof(buf), len), _fp);
        sb << StringData(buf, len);
    }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 285 Column: 17 CWE codes: 120 20

                          return status;
        }

        process.read(sb, maxlen - sb.len());
        if (static_cast<size_t>(sb.len()) >= maxlen) {
            // Truncate at maxlen
            break;
        }
    }

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/mips32/CodeGenerator-mips32.cpp
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 322 Column: 26 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      ptrScratch = ToRegister(lir->ptrCopy());
    }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 323 Column: 40 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 326 Column: 31 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      masm.wasmUnalignedLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()),
                                  ptrScratch, ToOutRegister64(lir), ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmLoadI64(mir->access(), HeapReg, ToRegister(lir->ptr()), ptrScratch,
                         ToOutRegister64(lir));
    }
}

void

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 354 Column: 26 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      ptrScratch = ToRegister(lir->ptrCopy());
    }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 355 Column: 41 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  }

    if (IsUnaligned(mir->access())) {
        masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);
    }

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 358 Column: 32 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      masm.wasmUnalignedStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                                   ToRegister(lir->ptr()), ptrScratch, ToRegister(lir->getTemp(1)));
    } else {
        masm.wasmStoreI64(mir->access(), ToRegister64(lir->value()), HeapReg,
                          ToRegister(lir->ptr()), ptrScratch);
    }
}

void

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 593 Column: 35 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              {
    Register ptr = ToRegister(lir->ptr());
    Register64 output = ToOutRegister64(lir);
    uint32_t offset = lir->mir()->access().offset();

    BaseIndex addr(HeapReg, ptr, TimesOne, offset);

    masm.atomicLoad64(Synchronization::Full(), addr, Register64::Invalid(), output);
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 606 Column: 35 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                  Register ptr = ToRegister(lir->ptr());
    Register64 value = ToRegister64(lir->value());
    Register tmp = ToRegister(lir->tmp());
    uint32_t offset = lir->mir()->access().offset();

    BaseIndex addr(HeapReg, ptr, TimesOne, offset);

    masm.atomicStore64(addr, tmp, value);
}

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/mips-shared/Assembler-mips-shared.h
8 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1578 Column: 43 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              };

inline bool
IsUnaligned(const wasm::MemoryAccessDesc& access)
{
    if (!access.align())
        return false;

#ifdef JS_CODEGEN_MIPS32

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1580 Column: 10 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

              inline bool
IsUnaligned(const wasm::MemoryAccessDesc& access)
{
    if (!access.align())
        return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1584 Column: 9 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;
#endif

    return access.align() < access.byteSize();
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1584 Column: 43 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;

#ifdef JS_CODEGEN_MIPS32
    if (access.type() == Scalar::Int64 && access.align() >= 4)
        return false;
#endif

    return access.align() < access.byteSize();
}

            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1588 Column: 29 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;
#endif

    return access.align() < access.byteSize();
}

} // namespace jit
} // namespace js


            

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 1588 Column: 12 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly

                      return false;
#endif

    return access.align() < access.byteSize();
}

} // namespace jit
} // namespace js


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 750 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          return;

        for (Slice* cur = head; cur != nullptr; cur = cur->getNext()) {
            memcpy(buffer, &cur->instructions, cur->length());
            buffer += cur->length();
        }
    }

    bool appendRawCode(const uint8_t* code, size_t numBytes) {

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 954 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  MOZ_COLD void spew(const char* fmt, va_list va) MOZ_FORMAT_PRINTF(2, 0) {
        // Buffer to hold the formatted string. Note that this may contain
        // '%' characters, so do not pass it directly to printf functions.
        char buf[200];

        int i = VsprintfLiteral(buf, fmt, va);
        if (i > -1) {
            if (printer)
                printer->printf("%s\n", buf);

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/format/import.c
8 issues
system - This causes a new program to execute and is difficult to use safely
Security

Line: 78 Column: 23 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

                  cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 64 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  size_t cmd_len;
    uint32_t import_value;
    u_int period;
    char buf[2048], *cmd;
    const char *file_config, *table_config;

    WT_UNUSED(arg);
    conn = g.wts_conn;
    file_config = table_config = NULL;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 218 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              copy_file_into_directory(WT_SESSION *session, const char *name)
{
    size_t buf_len;
    char to[64];

    buf_len = strlen(name) + 10;
    testutil_check(__wt_snprintf(to, buf_len, "../%s", name));
    testutil_check(__wt_copy_and_sync(session, name, to));
}

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 75 Column: 15 CWE codes: 126

                  /*
     * Create a new database, primarily used for testing import.
     */
    cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 75 Column: 36 CWE codes: 126

                  /*
     * Create a new database, primarily used for testing import.
     */
    cmd_len = strlen(g.home) * 2 + strlen(HOME_IMPORT_INIT_CMD) + 1;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, HOME_IMPORT_INIT_CMD, g.home, g.home));
    testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);


            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 81 Column: 15 CWE codes: 126

                  testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));
    /* Open a connection to the database, creating it if necessary. */
    create_database(cmd, &import_conn);
    free(cmd);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 81 Column: 32 CWE codes: 126

                  testutil_checkfmt(system(cmd), "%s", "import directory creation failed");
    free(cmd);

    cmd_len = strlen(g.home) + strlen(IMPORT_DIR) + 10;
    cmd = dmalloc(cmd_len);
    testutil_check(__wt_snprintf(cmd, cmd_len, "%s/%s", g.home, IMPORT_DIR));
    /* Open a connection to the database, creating it if necessary. */
    create_database(cmd, &import_conn);
    free(cmd);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 220 Column: 15 CWE codes: 126

                  size_t buf_len;
    char to[64];

    buf_len = strlen(name) + 10;
    testutil_check(__wt_snprintf(to, buf_len, "../%s", name));
    testutil_check(__wt_copy_and_sync(session, name, to));
}

            

Reported by FlawFinder.

src/mongo/shell/shell_utils_extended.cpp
8 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 517 Column: 19 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                  const auto envName = a.firstElement().String();
    std::string result{};
#ifndef _WIN32
    auto envPtr = getenv(envName.c_str());
    if (envPtr) {
        result = std::string(envPtr);
    }
#else
    auto envPtr = _wgetenv(toNativeString(envName.c_str()).c_str());

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 255 Column: 15 CWE codes: 362

              BSONObj md5sumFile(const BSONObj& args, void* data) {
    BSONElement e = singleArg(args);
    stringstream ss;
    FILE* f = fopen(e.valuestrsafe(), "rb");
    uassert(CANT_OPEN_FILE, str::stream() << "couldn't open file " << e.valuestrsafe(), f);
    ON_BLOCK_EXIT([&] { fclose(f); });

    md5digest d;
    md5_state_t st;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 264 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  md5_init(&st);

    enum { BUFLEN = 4 * 1024 };
    char buffer[BUFLEN];
    int bytes_read;
    while ((bytes_read = fread(buffer, 1, BUFLEN, f))) {
        md5_append(&st, (const md5_byte_t*)(buffer), bytes_read);
    }


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 407 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
BSONObj getHostName(const BSONObj& a, void* data) {
    uassert(13411, "getHostName accepts no arguments", a.nFields() == 0);
    char buf[260];  // HOST_NAME_MAX is usually 255
    verify(gethostname(buf, 260) == 0);
    buf[259] = '\0';
    return BSON("" << buf);
}


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 467 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  // if there is more data in the file or stream than we can handle.
    std::string contents;
    while (stream) {
        char buffer[4096];
        stream.read(buffer, sizeof(buffer));
        contents.append(buffer, stream.gcount());

        // Check that the size of the data can fit into the BSON shape
        // { "" : [ ... ] }, which has 12 bytes of overhead.

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 226 Column: 13 CWE codes: 120 20

              
    bool earlyEOF = false;
    std::vector<char> buffer(length);
    if (!in.read(buffer.data(), length)) {
        invariant(in.rdstate() & std::ifstream::eofbit);
        earlyEOF = true;
    }

    int64_t bytesRead = in.gcount();

            

Reported by FlawFinder.

umask - Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)
Security

Line: 426 Column: 40 CWE codes: 732

                          "umask takes 1 argument, the octal mode of the umask",
            a.nFields() == 1 && isNumericBSONType(a.firstElementType()));
    auto val = a.firstElement().safeNumberInt();
    return BSON("" << static_cast<int>(umask(static_cast<mode_t>(val))));
#endif
}

BSONObj getFileMode(const BSONObj& a, void* data) {
    uassert(50975,

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 468 Column: 16 CWE codes: 120 20

                  std::string contents;
    while (stream) {
        char buffer[4096];
        stream.read(buffer, sizeof(buffer));
        contents.append(buffer, stream.gcount());

        // Check that the size of the data can fit into the BSON shape
        // { "" : [ ... ] }, which has 12 bytes of overhead.
        uassert(31406,

            

Reported by FlawFinder.

src/mongo/rpc/message.h
8 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 275 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #pragma pack(1)
struct Layout {
    MSGHEADER::Layout header;
    char data[4];
};
#pragma pack()

class ConstView {
public:

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 453 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                      _buf = SharedBuffer::allocate(dataLen);
        MsgData::View d = _buf.get();
        if (len)
            memcpy(d.data(), msgdata, len);
        d.setLen(dataLen);
        d.setOperation(operation);
    }

    char* buf() {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 202 Column: 23 CWE codes: 120 20

                  }

    int32_t getMessageLength() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, messageLength));
    }

    int32_t getRequestMsgId() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, requestID));
    }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 206 Column: 23 CWE codes: 120 20

                  }

    int32_t getRequestMsgId() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, requestID));
    }

    int32_t getResponseToMsgId() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, responseTo));
    }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 210 Column: 23 CWE codes: 120 20

                  }

    int32_t getResponseToMsgId() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, responseTo));
    }

    int32_t getOpCode() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, opCode));
    }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 214 Column: 23 CWE codes: 120 20

                  }

    int32_t getOpCode() const {
        return data().read<LittleEndian<int32_t>>(offsetof(Layout, opCode));
    }

protected:
    const view_type& data() const {
        return _data;

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 318 Column: 56 CWE codes: 120 20

                  int64_t getCursor() const {
        verify(getResponseToMsgId() > 0);
        verify(getNetworkOp() == opReply);
        return ConstDataView(data() + sizeof(int32_t)).read<LittleEndian<int64_t>>();
    }

    int dataLen() const;  // len without header

protected:

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 445 Column: 36 CWE codes: 126

                      _buf = std::move(buf);
    }
    void setData(int operation, const char* msgtxt) {
        setData(operation, msgtxt, strlen(msgtxt) + 1);
    }
    void setData(int operation, const char* msgdata, size_t len) {
        verify(empty());
        size_t dataLen = len + sizeof(MsgData::Value) - 4;
        _buf = SharedBuffer::allocate(dataLen);

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/suite/test_util08.py
8 issues
Unable to import 'wiredtiger'
Error

Line: 30 Column: 1

              # OTHER DEALINGS IN THE SOFTWARE.

from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 30 Column: 1

              # OTHER DEALINGS IN THE SOFTWARE.

from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 30 Column: 1

              # OTHER DEALINGS IN THE SOFTWARE.

from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):

            

Reported by Pylint.

third party import "import wiredtiger, wttest" should be placed before "from suite_subprocess import suite_subprocess"
Error

Line: 30 Column: 1

              # OTHER DEALINGS IN THE SOFTWARE.

from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):

            

Reported by Pylint.

Class name "test_util08" doesn't conform to PascalCase naming style
Error

Line: 34 Column: 1

              
# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):
        """
        Test copyright in a 'wt' process
        """
        outfile = "copyrightout.txt"

            

Reported by Pylint.

Missing class docstring
Error

Line: 34 Column: 1

              
# test_util08.py
#    Utilities: wt copyright
class test_util08(wttest.WiredTigerTestCase, suite_subprocess):
    def test_copyright(self):
        """
        Test copyright in a 'wt' process
        """
        outfile = "copyrightout.txt"

            

Reported by Pylint.

Variable name "f" doesn't conform to snake_case naming style
Error

Line: 41 Column: 36

                      """
        outfile = "copyrightout.txt"
        self.runWt(["copyright"], outfilename=outfile)
        with open(outfile, 'r') as f:
            text = f.read(1000)
            self.assertTrue('Copyright' in text)

if __name__ == '__main__':
    wttest.run()

            

Reported by Pylint.

src/third_party/wiredtiger/test/3rdparty/testtools-0.9.34/testtools/tests/test_helpers.py
7 issues
Missing module docstring
Error

Line: 1 Column: 1

              # Copyright (c) 2010-2012 testtools developers. See LICENSE for details.

from testtools import TestCase
from testtools.tests.helpers import (
    FullStackRunTest,
    hide_testtools_stack,
    is_stack_hidden,
    )


            

Reported by Pylint.

Missing class docstring
Error

Line: 11 Column: 1

                  )


class TestStackHiding(TestCase):

    run_tests_with = FullStackRunTest

    def setUp(self):
        super(TestStackHiding, self).setUp()

            

Reported by Pylint.

Consider using Python 3 style super() without arguments
Error

Line: 16 Column: 9

                  run_tests_with = FullStackRunTest

    def setUp(self):
        super(TestStackHiding, self).setUp()
        self.addCleanup(hide_testtools_stack, is_stack_hidden())

    def test_is_stack_hidden_consistent_true(self):
        hide_testtools_stack(True)
        self.assertEqual(True, is_stack_hidden())

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 19 Column: 5

                      super(TestStackHiding, self).setUp()
        self.addCleanup(hide_testtools_stack, is_stack_hidden())

    def test_is_stack_hidden_consistent_true(self):
        hide_testtools_stack(True)
        self.assertEqual(True, is_stack_hidden())

    def test_is_stack_hidden_consistent_false(self):
        hide_testtools_stack(False)

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 23 Column: 5

                      hide_testtools_stack(True)
        self.assertEqual(True, is_stack_hidden())

    def test_is_stack_hidden_consistent_false(self):
        hide_testtools_stack(False)
        self.assertEqual(False, is_stack_hidden())


def test_suite():

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 28 Column: 1

                      self.assertEqual(False, is_stack_hidden())


def test_suite():
    from unittest import TestLoader
    return TestLoader().loadTestsFromName(__name__)

            

Reported by Pylint.

Import outside toplevel (unittest.TestLoader)
Error

Line: 29 Column: 5

              

def test_suite():
    from unittest import TestLoader
    return TestLoader().loadTestsFromName(__name__)

            

Reported by Pylint.