The following issues were found

src/third_party/wiredtiger/src/conn/conn_tiered.c
7 issues
Expression 'session,ret,ret=__flush_tier_once(session,flags)' depends on order of evaluation of side effects
Error

Line: 402 CWE codes: 768

                        session, WT_WITH_SCHEMA_LOCK(session, ret = __flush_tier_once(session, flags)));
    else
        WT_WITH_CHECKPOINT_LOCK_NOWAIT(session, ret,
          WT_WITH_SCHEMA_LOCK_NOWAIT(session, ret, ret = __flush_tier_once(session, flags)));
    __wt_spin_unlock(session, &conn->flush_tier_lock);
    locked = false;

    if (ret == 0 && LF_ISSET(WT_FLUSH_TIER_ON))
        WT_ERR(__flush_tier_wait(session, cfg));

            

Reported by Cppcheck.

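char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Note: the declaration flagged at column 11 is `const char *cfg[2]`, an array of two pointers rather than a character buffer, so the thing to check is that no more than two entries are ever stored in it. The findings at lines 190, 352 and 542 of this file flag `cfg` pointer arrays of the same kind.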
Security

Line: 134 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  size_t len;
    uint64_t now;
    char *config, *newfile;
    const char *cfg[2], *filename;

    config = newfile = NULL;
    if (uri == NULL)
        return (0);
    __wt_verbose(session, WT_VERB_TIERED, "Removing tree %s", uri);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 190 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  WT_DECL_RET;
    uint64_t now;
    char *newconfig, *obj_value;
    const char *cfg[3] = {NULL, NULL, NULL};
    bool release, tracking;

    release = tracking = false;
    WT_RET(__wt_scr_alloc(session, 512, &buf));
    dhandle = &tiered->iface;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 352 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  WT_CONNECTION_IMPL *conn;
    WT_DECL_RET;
    uint32_t flags;
    const char *cfg[3];
    bool locked, wait;

    conn = S2C(session);
    WT_STAT_CONN_INCR(session, flush_tier);
    if (FLD_ISSET(conn->server_flags, WT_CONN_SERVER_TIERED_MGR))

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 542 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  WT_ITEM path, tmp;
    WT_SESSION_IMPL *session;
    WT_TIERED_MANAGER *mgr;
    const char *cfg[2];

    session = arg;
    conn = S2C(session);
    mgr = &conn->tiered_mgr;


            

Reported by FlawFinder.

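strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). Note: column 11 is `strlen("file:")`, whose argument is a string literal and is therefore always \0-terminated.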
Security

Line: 142 Column: 11 CWE codes: 126

                  __wt_verbose(session, WT_VERB_TIERED, "Removing tree %s", uri);
    filename = uri;
    WT_PREFIX_SKIP_REQUIRED(session, filename, "tiered:");
    len = strlen("file:") + strlen(filename) + 1;
    WT_ERR(__wt_calloc_def(session, len, &newfile));
    WT_ERR(__wt_snprintf(newfile, len, "file:%s", filename));

    /*
     * If the file:URI of the tiered object does not exist, there is nothing to do.

            

Reported by FlawFinder.

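strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). Note: column 29 is `strlen(filename)`; `filename` is set from `uri` two lines earlier, so the computed `len` is only correct if the caller supplies a \0-terminated URI.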
Security

Line: 142 Column: 29 CWE codes: 126

                  __wt_verbose(session, WT_VERB_TIERED, "Removing tree %s", uri);
    filename = uri;
    WT_PREFIX_SKIP_REQUIRED(session, filename, "tiered:");
    len = strlen("file:") + strlen(filename) + 1;
    WT_ERR(__wt_calloc_def(session, len, &newfile));
    WT_ERR(__wt_snprintf(newfile, len, "file:%s", filename));

    /*
     * If the file:URI of the tiered object does not exist, there is nothing to do.

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/wasm/WasmInstance.cpp
7 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 674 Column: 13 CWE codes: 120
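Suggestion: Make sure destination can always hold the source data. Here the destination is a single element, `&exportArgs[i]`, and the length is the constant `Simd128DataSize`; the element type of `exportArgs` is not shown in the excerpt, so confirm that one element is at least that large. The other six findings in this file follow the same pattern.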

                          SimdConstant simd;
            if (!ToSimdConstant<Int8x16>(cx, v, &simd))
                return false;
            memcpy(&exportArgs[i], simd.asInt8x16(), Simd128DataSize);
            break;
          }
          case ValType::I16x8: {
            SimdConstant simd;
            if (!ToSimdConstant<Int16x8>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 681 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          SimdConstant simd;
            if (!ToSimdConstant<Int16x8>(cx, v, &simd))
                return false;
            memcpy(&exportArgs[i], simd.asInt16x8(), Simd128DataSize);
            break;
          }
          case ValType::I32x4: {
            SimdConstant simd;
            if (!ToSimdConstant<Int32x4>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 688 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          SimdConstant simd;
            if (!ToSimdConstant<Int32x4>(cx, v, &simd))
                return false;
            memcpy(&exportArgs[i], simd.asInt32x4(), Simd128DataSize);
            break;
          }
          case ValType::F32x4: {
            SimdConstant simd;
            if (!ToSimdConstant<Float32x4>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 695 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          SimdConstant simd;
            if (!ToSimdConstant<Float32x4>(cx, v, &simd))
                return false;
            memcpy(&exportArgs[i], simd.asFloat32x4(), Simd128DataSize);
            break;
          }
          case ValType::B8x16: {
            SimdConstant simd;
            if (!ToSimdConstant<Bool8x16>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 703 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          if (!ToSimdConstant<Bool8x16>(cx, v, &simd))
                return false;
            // Bool8x16 uses the same representation as Int8x16.
            memcpy(&exportArgs[i], simd.asInt8x16(), Simd128DataSize);
            break;
          }
          case ValType::B16x8: {
            SimdConstant simd;
            if (!ToSimdConstant<Bool16x8>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 711 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          if (!ToSimdConstant<Bool16x8>(cx, v, &simd))
                return false;
            // Bool16x8 uses the same representation as Int16x8.
            memcpy(&exportArgs[i], simd.asInt16x8(), Simd128DataSize);
            break;
          }
          case ValType::B32x4: {
            SimdConstant simd;
            if (!ToSimdConstant<Bool32x4>(cx, v, &simd))

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 719 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                          if (!ToSimdConstant<Bool32x4>(cx, v, &simd))
                return false;
            // Bool32x4 uses the same representation as Int32x4.
            memcpy(&exportArgs[i], simd.asInt32x4(), Simd128DataSize);
            break;
          }
        }
    }


            

Reported by FlawFinder.

src/third_party/wiredtiger/test/suite/test_bug015.py
7 issues
Unable to import 'wiredtiger'
Error

Line: 29 Column: 1

              # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.

import wiredtiger, wttest

# test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 29 Column: 1

              # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.

import wiredtiger, wttest

# test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 29 Column: 1

              # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.

import wiredtiger, wttest

# test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):

            

Reported by Pylint.

Missing class docstring
Error

Line: 33 Column: 1

              
# test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):
        table = 'table:test_bug015'
        idx1 = 'index:test_bug015:aab'
        idx2 = 'index:test_bug015:aaa'
        self.session.create(table, "columns=(k,v)")

            

Reported by Pylint.

Class name "test_bug015" doesn't conform to PascalCase naming style
Error

Line: 33 Column: 1

              
# test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):
        table = 'table:test_bug015'
        idx1 = 'index:test_bug015:aab'
        idx2 = 'index:test_bug015:aaa'
        self.session.create(table, "columns=(k,v)")

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 34 Column: 5

              # test_bug015.py
#    JIRA WT-2162: index drop in a certain order triggers NULL pointer deref
class test_bug015(wttest.WiredTigerTestCase):
    def test_bug015(self):
        table = 'table:test_bug015'
        idx1 = 'index:test_bug015:aab'
        idx2 = 'index:test_bug015:aaa'
        self.session.create(table, "columns=(k,v)")
        self.session.create(idx1, "columns=(v)")

            

Reported by Pylint.

src/third_party/wiredtiger/test/suite/test_bug006.py
7 issues
Unable to import 'wiredtiger'
Error

Line: 32 Column: 1

              # test_bug006.py
#       Regression tests.

import wiredtiger, wttest
from wtdataset import SimpleDataSet, simple_key, simple_value
from wtscenario import make_scenarios

# Check that verify and salvage both raise exceptions if there is an open
# cursor.

            

Reported by Pylint.

Unused SimpleDataSet imported from wtdataset
Error

Line: 33 Column: 1

              #       Regression tests.

import wiredtiger, wttest
from wtdataset import SimpleDataSet, simple_key, simple_value
from wtscenario import make_scenarios

# Check that verify and salvage both raise exceptions if there is an open
# cursor.
class test_bug006(wttest.WiredTigerTestCase):

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 32 Column: 1

              # test_bug006.py
#       Regression tests.

import wiredtiger, wttest
from wtdataset import SimpleDataSet, simple_key, simple_value
from wtscenario import make_scenarios

# Check that verify and salvage both raise exceptions if there is an open
# cursor.

            

Reported by Pylint.

Class name "test_bug006" doesn't conform to PascalCase naming style
Error

Line: 38 Column: 1

              
# Check that verify and salvage both raise exceptions if there is an open
# cursor.
class test_bug006(wttest.WiredTigerTestCase):
    name = 'test_bug006'
    scenarios = make_scenarios([
        ('file', dict(uri='file:')),
        ('table', dict(uri='table:')),
    ])

            

Reported by Pylint.

Missing class docstring
Error

Line: 38 Column: 1

              
# Check that verify and salvage both raise exceptions if there is an open
# cursor.
class test_bug006(wttest.WiredTigerTestCase):
    name = 'test_bug006'
    scenarios = make_scenarios([
        ('file', dict(uri='file:')),
        ('table', dict(uri='table:')),
    ])

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 45 Column: 5

                      ('table', dict(uri='table:')),
    ])

    def test_bug006(self):
        uri = self.uri + self.name
        self.session.create(uri, 'value_format=S,key_format=S')
        cursor = self.session.open_cursor(uri, None)
        for i in range(1, 1000):
            cursor[simple_key(cursor, i)] = simple_value(cursor, i)

            

Reported by Pylint.

src/third_party/mozjs-60/extract/js/src/vm/TypeInference.cpp
7 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 237 Column: 5 CWE codes: 134
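Suggestion: Use a constant for the format specification. `fmt` is a parameter of the enclosing function (it is the argument given to `va_start`), so the check belongs at the call sites: every caller should pass a literal format string.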

                  va_list ap;
    va_start(ap, fmt);
    fprintf(stderr, "[infer] ");
    vfprintf(stderr, fmt, ap);
    fprintf(stderr, "\n");
    va_end(ap);
}
#endif


            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 167 Column: 27 CWE codes: 807 20
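Suggestion: Check environment variables carefully before using them. In the lines shown, the value of `INFERFLAGS` is only searched with `strstr` to switch spew flags on; it is not copied into a buffer or used as a format string.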

                  if (!checked) {
        checked = true;
        PodArrayZero(active);
        const char* env = getenv("INFERFLAGS");
        if (!env)
            return false;
        if (strstr(env, "ops"))
            active[ISpewOps] = true;
        if (strstr(env, "result"))

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 189 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                  static bool checked = false;
    if (!checked) {
        checked = true;
        const char* env = getenv("TERM");
        if (!env)
            return false;
        if (strcmp(env, "xterm-color") == 0 || strcmp(env, "xterm-256color") == 0)
            colorable = true;
    }

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 80 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                      return "(new)";
    if (JSID_IS_SYMBOL(id))
        return "(symbol)";
    static char bufs[4][100];
    static unsigned which = 0;
    which = (which + 1) & 3;
    PutEscapedString(bufs[which], 100, JSID_TO_FLAT_STRING(id), 0);
    return bufs[which];
}

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 140 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  if (type.isPrimitive() || type.isUnknown() || type.isAnyObject())
        return MakeStringCopy(NonObjectTypeString(type));

    char buf[100];
    if (type.isSingleton()) {
        JSObject* singleton = type.singletonNoBarrier();
        SprintfLiteral(buf, "<%s %#" PRIxPTR ">", singleton->getClass()->name, uintptr_t(singleton));
    } else {
        SprintfLiteral(buf, "[%s * %#" PRIxPTR "]", type.groupNoBarrier()->clasp()->name, uintptr_t(type.groupNoBarrier()));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 247 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              MOZ_FORMAT_PRINTF(2, 3)
TypeFailure(JSContext* cx, const char* fmt, ...)
{
    char msgbuf[1024]; /* Larger error messages will be truncated */
    char errbuf[1024];

    va_list ap;
    va_start(ap, fmt);
    VsprintfLiteral(errbuf, fmt, ap);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 248 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              TypeFailure(JSContext* cx, const char* fmt, ...)
{
    char msgbuf[1024]; /* Larger error messages will be truncated */
    char errbuf[1024];

    va_list ap;
    va_start(ap, fmt);
    VsprintfLiteral(errbuf, fmt, ap);
    va_end(ap);

            

Reported by FlawFinder.

src/mongo/transport/session_asio.cpp
7 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 404 Column: 13 CWE codes: 120
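Suggestion: Make sure destination can always hold the source data. The destination is allocated with `msgLen` bytes and `kHeaderSize` bytes are copied into it, so the copy is safe only if `msgLen` has been validated to be at least `kHeaderSize` before the allocation; that check is not visible in the excerpt.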

                          }

            auto buffer = SharedBuffer::allocate(msgLen);
            memcpy(buffer.get(), headerBuffer.get(), kHeaderSize);

            MsgData::View msgView(buffer.get());
            return read(asio::buffer(msgView.data(), msgView.dataLen()), baton)
                .then([this, buffer = std::move(buffer), msgLen]() mutable {
                    if (_isIngressSession) {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 373 Column: 12 CWE codes: 120 20

              
    auto headerBuffer = SharedBuffer::allocate(kHeaderSize);
    auto ptr = headerBuffer.get();
    return read(asio::buffer(ptr, kHeaderSize), baton)
        .then([headerBuffer = std::move(headerBuffer), this, baton]() mutable {
            if (checkForHTTPRequest(asio::buffer(headerBuffer.get(), kHeaderSize))) {
                return sendHTTPResponse(baton);
            }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 407 Column: 20 CWE codes: 120 20

                          memcpy(buffer.get(), headerBuffer.get(), kHeaderSize);

            MsgData::View msgView(buffer.get());
            return read(asio::buffer(msgView.data(), msgView.dataLen()), baton)
                .then([this, buffer = std::move(buffer), msgLen]() mutable {
                    if (_isIngressSession) {
                        networkCounter.hitPhysicalIn(msgLen);
                    }
                    return Message(std::move(buffer));

            

Reported by FlawFinder.

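read - Check buffer boundaries if used in a loop including recursive loops. Note: line 418 is the definition of `TransportLayerASIO::ASIOSession::read` itself; the match is on the method name, not on a call that fills a buffer.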
Security

Line: 418 Column: 47 CWE codes: 120 20

              }

template <typename MutableBufferSequence>
Future<void> TransportLayerASIO::ASIOSession::read(const MutableBufferSequence& buffers,
                                                   const BatonHandle& baton) {
    // TODO SERVER-47229 Guard active ops for cancellation here.
#ifdef MONGO_CONFIG_SSL
    if (_sslSocket) {
        return opportunisticRead(*_sslSocket, buffers, baton);

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 434 Column: 28 CWE codes: 120 20

                          })
            .then([this, buffers, baton](bool needsRead) mutable {
                if (needsRead) {
                    return read(buffers, baton);
                } else {
                    return Future<void>::makeReady();
                }
            });
    }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 484 Column: 26 CWE codes: 120 20

                      }

        do {
            size = asio::read(stream, localBuffer, ec);
        } while (ec == asio::error::interrupted);  // retry syscall EINTR

        if (!ec && buffers.size() > 1) {
            ec = asio::error::would_block;
        }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 492 Column: 26 CWE codes: 120 20

                      }
    } else {
        do {
            size = asio::read(stream, buffers, ec);
        } while (ec == asio::error::interrupted);  // retry syscall EINTR
    }

    if (((ec == asio::error::would_block) || (ec == asio::error::try_again)) &&
        (_blockingMode == Async)) {

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/mozglue/misc/StackWalk.cpp
7 issues
InitializeCriticalSection - Exceptions can be thrown in low-memory situations
Security

Line: 188 Column: 5 CWE codes:
Suggestion: Use InitializeCriticalSectionAndSpinCount instead

                if (initialized) {
    return;
  }
  ::InitializeCriticalSection(&gDbgHelpCS);
  initialized = true;
}

static unsigned int WINAPI WalkStackThread(void* aData);


            

Reported by FlawFinder.

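strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]. Note: in each strncpy excerpt shown for this file, the call is immediately followed by an explicit '\0' store to the last element of the destination, so the missing-terminator case is handled.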
Security

Line: 789 Column: 5 CWE codes: 120

                modInfoRes = SymGetModuleInfoEspecial64(myProcess, addr, &modInfo, &lineInfo);

  if (modInfoRes) {
    strncpy(aDetails->library, modInfo.LoadedImageName,
                sizeof(aDetails->library));
    aDetails->library[mozilla::ArrayLength(aDetails->library) - 1] = '\0';
    aDetails->loffset = (char*)aPC - (char*)modInfo.BaseOfImage;

    if (lineInfo.FileName) {

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 795 Column: 7 CWE codes: 120

                  aDetails->loffset = (char*)aPC - (char*)modInfo.BaseOfImage;

    if (lineInfo.FileName) {
      strncpy(aDetails->filename, lineInfo.FileName,
                  sizeof(aDetails->filename));
      aDetails->filename[mozilla::ArrayLength(aDetails->filename) - 1] = '\0';
      aDetails->lineno = lineInfo.LineNumber;
    }
  }

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 812 Column: 5 CWE codes: 120

                ok = SymFromAddr(myProcess, addr, &displacement, pSymbol);

  if (ok) {
    strncpy(aDetails->function, pSymbol->Name,
                sizeof(aDetails->function));
    aDetails->function[mozilla::ArrayLength(aDetails->function) - 1] = '\0';
    aDetails->foffset = static_cast<ptrdiff_t>(displacement);
  }


            

Reported by FlawFinder.

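strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]. Note: the copy is followed by `aBuffer[aBufLen - 1] = '\0'`, which terminates the string but writes out of bounds if `aBufLen` is 0; confirm that a zero length is rejected earlier in the function or by its callers.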
Security

Line: 854 Column: 5 CWE codes: 120

                char* demangled = abi::__cxa_demangle(aSymbol, 0, 0, 0);

  if (demangled) {
    strncpy(aBuffer, demangled, aBufLen);
    aBuffer[aBufLen - 1] = '\0';
    free(demangled);
  }
#endif // MOZ_DEMANGLE_SYMBOLS
}

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 981 Column: 3 CWE codes: 120

                  return true;
  }

  strncpy(aDetails->library, info.dli_fname, sizeof(aDetails->library));
  aDetails->library[mozilla::ArrayLength(aDetails->library) - 1] = '\0';
  aDetails->loffset = (char*)aPC - (char*)info.dli_fbase;

  const char* symbol = info.dli_sname;
  if (!symbol || symbol[0] == '\0') {

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 994 Column: 5 CWE codes: 120

              
  if (aDetails->function[0] == '\0') {
    // Just use the mangled symbol if demangling failed.
    strncpy(aDetails->function, symbol, sizeof(aDetails->function));
    aDetails->function[mozilla::ArrayLength(aDetails->function) - 1] = '\0';
  }

  aDetails->foffset = (char*)aPC - (char*)info.dli_saddr;
  return true;

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/suite/test_bug007.py
7 issues
Unable to import 'wiredtiger'
Error

Line: 32 Column: 1

              # test_bug007.py
#       Regression tests.

import wiredtiger, wttest

# Check that forced salvage works correctly.
class test_bug007(wttest.WiredTigerTestCase):
    def test_bug007(self):
        # This is a btree layer test, test files only.

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 32 Column: 1

              # test_bug007.py
#       Regression tests.

import wiredtiger, wttest

# Check that forced salvage works correctly.
class test_bug007(wttest.WiredTigerTestCase):
    def test_bug007(self):
        # This is a btree layer test, test files only.

            

Reported by Pylint.

Missing class docstring
Error

Line: 35 Column: 1

              import wiredtiger, wttest

# Check that forced salvage works correctly.
class test_bug007(wttest.WiredTigerTestCase):
    def test_bug007(self):
        # This is a btree layer test, test files only.
        uri = 'file:test_bug007'

        # Create the object.

            

Reported by Pylint.

Class name "test_bug007" doesn't conform to PascalCase naming style
Error

Line: 35 Column: 1

              import wiredtiger, wttest

# Check that forced salvage works correctly.
class test_bug007(wttest.WiredTigerTestCase):
    def test_bug007(self):
        # This is a btree layer test, test files only.
        uri = 'file:test_bug007'

        # Create the object.

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 36 Column: 5

              
# Check that forced salvage works correctly.
class test_bug007(wttest.WiredTigerTestCase):
    def test_bug007(self):
        # This is a btree layer test, test files only.
        uri = 'file:test_bug007'

        # Create the object.
        self.session.create(uri, 'value_format=S,key_format=S')

            

Reported by Pylint.

Variable name "f" doesn't conform to snake_case naming style
Error

Line: 47 Column: 9

              
        # Force is required if a file doesn't have a reasonable header.
        # Overwrite the file with random data.
        f = open('test_bug007', 'w')
        f.write('random data' * 100)
        f.close()

        # Salvage should fail.
        self.assertRaisesWithMessage(

            

Reported by Pylint.

src/third_party/wiredtiger/test/suite/test_util17.py
7 issues
Unable to import 'wiredtiger'
Error

Line: 31 Column: 1

              
import os
from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 31 Column: 1

              
import os
from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

              #!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

third party import "import wiredtiger, wttest" should be placed before "from suite_subprocess import suite_subprocess"
Error

Line: 31 Column: 1

              
import os
from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 31 Column: 1

              
import os
from suite_subprocess import suite_subprocess
import wiredtiger, wttest

# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

            

Reported by Pylint.

Class name "test_util17" doesn't conform to PascalCase naming style
Error

Line: 35 Column: 1

              
# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

    def test_stat_process(self):
        """
        Test stat in a 'wt' process

            

Reported by Pylint.

Missing class docstring
Error

Line: 35 Column: 1

              
# test_util17.py
#    Utilities: wt stat
class test_util17(wttest.WiredTigerTestCase, suite_subprocess):
    tablename = 'test_util17.a'

    def test_stat_process(self):
        """
        Test stat in a 'wt' process

            

Reported by Pylint.

src/third_party/wiredtiger/ext/encryptors/rotn/rotn_encrypt.c
6 issues
Memory leak: rotn_encryptor
Error

Line: 375 CWE codes: 401

                  rotn_encryptor->rot_N = keyid_val;

    *customp = (WT_ENCRYPTOR *)rotn_encryptor;
    return (0);

err:
    free(rotn_encryptor->keyid);
    free(rotn_encryptor->secretkey);
    free(rotn_encryptor->shift_forw);

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 196 Column: 5 CWE codes: 120
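Suggestion: Make sure destination can always hold the source data. The copy writes `src_len` bytes starting at offset `CHKSUM_LEN + IV_LEN`, so `dst` must hold at least `src_len + CHKSUM_LEN + IV_LEN` bytes; the length check is not visible in the excerpt.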

                   * checksum and initialize the IV here.
     */
    i = CHKSUM_LEN + IV_LEN;
    memcpy(&dst[i], &src[0], src_len);
    /*
     * Depending on whether we have a secret key or not, call the common rotate or shift function on
     * the text portion of the destination buffer. Send in src_len as the length of the text.
     */
    if (rotn_encryptor->shift_len == 0)

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 252 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                   * Copy the encrypted data to the destination buffer and then decrypt the destination buffer.
     */
    i = CHKSUM_LEN + IV_LEN;
    memcpy(&dst[0], &src[i], mylen);
    /*
     * Depending on whether we have a secret key or not, call the common rotate or shift function on
     * the text portion of the destination buffer. Send in dst_len as the length of the text.
     */
    /*

            

Reported by FlawFinder.

atoi - Unless checked, the resulting number can exceed the expected range
Security

Line: 321 Column: 26 CWE codes: 190
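Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). The `< 0` test shown rejects only negative results: `atoi` returns 0 for non-numeric input and its behaviour is undefined when the value is out of range, so `strtol` with `endptr` and `errno` checks is needed to reject a malformed keyid.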

                      /*
         * In this demonstration, we expect keyid to be a number.
         */
        if ((keyid_val = atoi(keyid.str)) < 0) {
            ret = rotn_error(rotn_encryptor, NULL, EINVAL, "rotn_customize: invalid keyid");
            goto err;
        }
        if ((rotn_encryptor->keyid = malloc(keyid.len + 1)) == NULL) {
            ret = errno;

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 329 Column: 9 CWE codes: 120

                          ret = errno;
            goto err;
        }
        strncpy(rotn_encryptor->keyid, keyid.str, keyid.len + 1);
        rotn_encryptor->keyid[keyid.len] = '\0';
    }

    /*
     * In this demonstration, the secret key must be alphabetic characters. We stash the secret key

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 364 Column: 9 CWE codes: 120

                          rotn_encryptor->shift_back[i] = base - (u_char)secret.str[i];
        }
        rotn_encryptor->shift_len = len;
        strncpy(rotn_encryptor->secretkey, secret.str, secret.len + 1);
        rotn_encryptor->secretkey[secret.len] = '\0';
    }

    /*
     * In a real encryptor, we could use some sophisticated key management here to map the keyid

            

Reported by FlawFinder.