The following issues were found
src/third_party/wiredtiger/test/bloom/test_bloom.c
6 issues
Line: 77
Column: 32
CWE codes:
190
Suggestion:
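If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended). atoi() cannot report a conversion error, so a range check needs a parser that can, such as strtol() or strtoul() with errno and the end pointer checked; in the excerpt below the atoi() result is cast directly to u_int, so a negative argument would become a large unsigned value.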
while ((ch = __wt_getopt(progname, argc, argv, "c:f:k:o:")) != EOF)
switch (ch) {
case 'c': /* Cache size */
g.c_cache = (u_int)atoi(__wt_optarg);
break;
case 'f': /* Factor */
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
Reported by FlawFinder.
Line: 80
Column: 33
CWE codes:
190
Suggestion:
If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended).
g.c_cache = (u_int)atoi(__wt_optarg);
break;
case 'f': /* Factor */
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
Reported by FlawFinder.
Line: 83
Column: 28
CWE codes:
190
Suggestion:
If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended).
g.c_factor = (u_int)atoi(__wt_optarg);
break;
case 'k': /* Number of hash functions */
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
g.c_ops = (u_int)atoi(__wt_optarg);
break;
default:
Reported by FlawFinder.
Line: 86
Column: 30
CWE codes:
190
Suggestion:
If the source is untrusted, check both the minimum and the maximum, even if the input had no minus sign (large numbers can roll over into a negative number; consider saving to an unsigned value if that is intended).
g.c_k = (u_int)atoi(__wt_optarg);
break;
case 'o': /* Number of ops */
g.c_ops = (u_int)atoi(__wt_optarg);
break;
default:
usage();
}
Reported by FlawFinder.
Line: 108
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
WT_CONNECTION *conn;
WT_SESSION *session;
char config[512];
static char home[HOME_SIZE]; /* Base home directory */
testutil_work_dir_from_path(home, HOME_SIZE, "WT_TEST");
/* Clean the test directory if it already exists. */
Reported by FlawFinder.
Line: 109
Column: 12
CWE codes:
119
120
Suggestion:
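Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The finding marks the declaration of a fixed-size array, so what decides the risk is how the array is written to: in the excerpt below, home is passed to testutil_work_dir_from_path together with its size, HOME_SIZE.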
WT_CONNECTION *conn;
WT_SESSION *session;
char config[512];
static char home[HOME_SIZE]; /* Base home directory */
testutil_work_dir_from_path(home, HOME_SIZE, "WT_TEST");
/* Clean the test directory if it already exists. */
testutil_clean_work_dir(home);
Reported by FlawFinder.
src/third_party/wiredtiger/test/csuite/scope/main.c
6 issues
Line: 59
Column: 13
CWE codes:
120
Suggestion:
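Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy is easily misused). strcpy() copies up to the source's terminating NUL with no regard for the destination size, so the call is safe only while the source, here the macro KEY, is guaranteed to fit in keybuf.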
if (recno) \
cursor->set_key(cursor, (uint64_t)1); \
else { \
strcpy(keybuf, KEY); \
cursor->set_key(cursor, keybuf); \
} \
} while (0)
#define SET_VALUE \
do { \
Reported by FlawFinder.
Line: 65
Column: 9
CWE codes:
120
Suggestion:
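Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy is easily misused). strcpy() copies up to the source's terminating NUL with no regard for the destination size, so the call is safe only while the source, here the macro VALUE, is guaranteed to fit in valuebuf.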
} while (0)
#define SET_VALUE \
do { \
strcpy(valuebuf, VALUE); \
if (vstring) \
cursor->set_value(cursor, valuebuf); \
else { \
vu.size = strlen(vu.data = valuebuf); \
cursor->set_value(cursor, &vu); \
Reported by FlawFinder.
Line: 143
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_ITEM vu;
uint64_t keyr;
const char *key, *vs;
char keybuf[100], valuebuf[100];
int exact;
bool recno, rollback, vstring;
cursor = NULL;
for (op = ops; op->op != NULL; op++) {
Reported by FlawFinder.
Line: 69
Column: 23
CWE codes:
126
if (vstring) \
cursor->set_value(cursor, valuebuf); \
else { \
vu.size = strlen(vu.data = valuebuf); \
cursor->set_value(cursor, &vu); \
} \
} while (0)
static void
Reported by FlawFinder.
Line: 326
Column: 44
CWE codes:
126
} else {
testutil_assert(cursor->get_value(cursor, &vu) == 0);
testutil_assert(vu.data != valuebuf);
testutil_assert(vu.size == strlen(VALUE));
testutil_assert(memcmp(vu.data, VALUE, strlen(VALUE)) == 0);
}
break;
}
Reported by FlawFinder.
Line: 327
Column: 56
CWE codes:
126
testutil_assert(cursor->get_value(cursor, &vu) == 0);
testutil_assert(vu.data != valuebuf);
testutil_assert(vu.size == strlen(VALUE));
testutil_assert(memcmp(vu.data, VALUE, strlen(VALUE)) == 0);
}
break;
}
if (rollback)
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/str_cat.cc
6 issues
Line: 98
Column: 13
CWE codes:
120
return after;
}
std::string StrCat(const AlphaNum& a, const AlphaNum& b) {
std::string result;
absl::strings_internal::STLStringResizeUninitialized(&result,
a.size() + b.size());
char* const begin = &result[0];
char* out = begin;
Reported by FlawFinder.
Line: 110
Column: 13
CWE codes:
120
return result;
}
std::string StrCat(const AlphaNum& a, const AlphaNum& b, const AlphaNum& c) {
std::string result;
strings_internal::STLStringResizeUninitialized(
&result, a.size() + b.size() + c.size());
char* const begin = &result[0];
char* out = begin;
Reported by FlawFinder.
Line: 123
Column: 13
CWE codes:
120
return result;
}
std::string StrCat(const AlphaNum& a, const AlphaNum& b, const AlphaNum& c,
const AlphaNum& d) {
std::string result;
strings_internal::STLStringResizeUninitialized(
&result, a.size() + b.size() + c.size() + d.size());
char* const begin = &result[0];
Reported by FlawFinder.
Line: 93
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// call would force an extra fetch of x.size().
char* after = out + x.size();
if (x.size() != 0) {
memcpy(out, x.data(), x.size());
}
return after;
}
std::string StrCat(const AlphaNum& a, const AlphaNum& b) {
Reported by FlawFinder.
Line: 152
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (const absl::string_view& piece : pieces) {
const size_t this_size = piece.size();
if (this_size != 0) {
memcpy(out, piece.data(), this_size);
out += this_size;
}
}
assert(out == begin + result.size());
return result;
Reported by FlawFinder.
Line: 184
Column: 7
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
for (const absl::string_view& piece : pieces) {
const size_t this_size = piece.size();
if (this_size != 0) {
memcpy(out, piece.data(), this_size);
out += this_size;
}
}
assert(out == begin + dest->size());
}
Reported by FlawFinder.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/aixf77.py
6 issues
Line: 39
Column: 1
#import SCons.Platform.aix
from . import f77
# It would be good to look for the AIX F77 package the same way we're now
# looking for the C and C++ packages. This should be as easy as supplying
# the correct package names in the following list and uncommenting the
# SCons.Platform.aix_get_xlc() call in the function below.
Reported by Pylint.
Line: 58
Column: 25
Add Builders and construction variables for the Visual Age FORTRAN
compiler to an Environment.
"""
path, _f77, _shf77, version = get_xlf77(env)
if path:
_f77 = os.path.join(path, _f77)
_shf77 = os.path.join(path, _shf77)
f77.generate(env)
Reported by Pylint.
Line: 69
Column: 25
env['SHF77'] = _shf77
def exists(env):
path, _f77, _shf77, version = get_xlf77(env)
if path and _f77:
xlf77 = os.path.join(path, _f77)
if os.path.exists(xlf77):
return xlf77
return None
Reported by Pylint.
Line: 33
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/aixf77.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
import os.path
#import SCons.Platform.aix
Reported by Pylint.
Line: 47
Column: 1
# SCons.Platform.aix_get_xlc() call in the function below.
packages = []
def get_xlf77(env):
xlf77 = env.get('F77', 'xlf77')
xlf77_r = env.get('SHF77', 'xlf77_r')
#return SCons.Platform.aix.get_xlc(env, xlf77, xlf77_r, packages)
return (None, xlf77, xlf77_r, None)
Reported by Pylint.
Line: 68
Column: 1
env['F77'] = _f77
env['SHF77'] = _shf77
def exists(env):
path, _f77, _shf77, version = get_xlf77(env)
if path and _f77:
xlf77 = os.path.join(path, _f77)
if os.path.exists(xlf77):
return xlf77
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/numeric/int128_test.cc
6 issues
Line: 56
TYPED_TEST_SUITE(Uint128IntegerTraitsTest, IntegerTypes);
TYPED_TEST(Uint128IntegerTraitsTest, ConstructAssignTest) {
static_assert(std::is_constructible<absl::uint128, TypeParam>::value,
"absl::uint128 must be constructible from TypeParam");
static_assert(std::is_assignable<absl::uint128&, TypeParam>::value,
"absl::uint128 must be assignable from TypeParam");
static_assert(!std::is_assignable<TypeParam&, absl::uint128>::value,
Reported by Cppcheck.
Line: 421
Column: 20
CWE codes:
327
Suggestion:
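Use a more secure technique for acquiring random values. This advice applies when the values protect something, such as keys, tokens or nonces; in the excerpt below the flagged name is a std::minstd_rand object seeded from the test framework's random seed and used to generate operands for a divide-and-modulo test, a case where unpredictability is not a security property.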
TEST(Uint128, DivideAndModRandomInputs) {
const int kNumIters = 1 << 18;
std::minstd_rand random(testing::UnitTest::GetInstance()->random_seed());
std::uniform_int_distribution<uint64_t> uniform_uint64;
for (int i = 0; i < kNumIters; ++i) {
const absl::uint128 a =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
const absl::uint128 b =
Reported by FlawFinder.
Line: 425
Column: 66
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
std::uniform_int_distribution<uint64_t> uniform_uint64;
for (int i = 0; i < kNumIters; ++i) {
const absl::uint128 a =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
const absl::uint128 b =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
if (b == 0) {
continue; // Avoid a div-by-zero.
}
Reported by FlawFinder.
Line: 425
Column: 42
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
std::uniform_int_distribution<uint64_t> uniform_uint64;
for (int i = 0; i < kNumIters; ++i) {
const absl::uint128 a =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
const absl::uint128 b =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
if (b == 0) {
continue; // Avoid a div-by-zero.
}
Reported by FlawFinder.
Line: 427
Column: 66
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
const absl::uint128 a =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
const absl::uint128 b =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
if (b == 0) {
continue; // Avoid a div-by-zero.
}
const absl::uint128 q = a / b;
const absl::uint128 r = a % b;
Reported by FlawFinder.
Line: 427
Column: 42
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
const absl::uint128 a =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
const absl::uint128 b =
absl::MakeUint128(uniform_uint64(random), uniform_uint64(random));
if (b == 0) {
continue; // Avoid a div-by-zero.
}
const absl::uint128 q = a / b;
const absl::uint128 r = a % b;
Reported by FlawFinder.
src/third_party/wiredtiger/test/suite/test_excl.py
6 issues
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
from wtscenario import make_scenarios
# Test session.create with the exclusive configuration.
class test_create_excl(wttest.WiredTigerTestCase):
scenarios = make_scenarios([
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import wiredtiger, wttest
from wtscenario import make_scenarios
# Test session.create with the exclusive configuration.
class test_create_excl(wttest.WiredTigerTestCase):
scenarios = make_scenarios([
Reported by Pylint.
Line: 33
Column: 1
from wtscenario import make_scenarios
# Test session.create with the exclusive configuration.
class test_create_excl(wttest.WiredTigerTestCase):
scenarios = make_scenarios([
('file', dict(type='file:')),
('table', dict(type='table:'))
])
Reported by Pylint.
Line: 33
Column: 1
from wtscenario import make_scenarios
# Test session.create with the exclusive configuration.
class test_create_excl(wttest.WiredTigerTestCase):
scenarios = make_scenarios([
('file', dict(type='file:')),
('table', dict(type='table:'))
])
Reported by Pylint.
Line: 41
Column: 5
# Create the object with "exclusive", then assert that creation with
# "exclusive" fails.
def test_create_excl(self):
uri = self.type + 'create_excl'
self.session.create(uri, "exclusive")
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.create(uri, "exclusive"))
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/reflection.cc
6 issues
Line: 117
Column: 15
CWE codes:
120
if (filename != nullptr &&
flag.Filename() != GetUsageConfig().normalize_filename(filename)) {
flags_internal::ReportUsageError(
absl::StrCat(
"Inconsistency between flag object and registration for flag '",
flag.Name(),
"', likely due to duplicate flags or an ODR violation. Relevant "
"files: ",
flag.Filename(), " and ", filename),
Reported by FlawFinder.
Line: 136
Column: 17
CWE codes:
120
if (flag.IsRetired() != old_flag.IsRetired()) {
// All registrations must agree on the 'retired' flag.
flags_internal::ReportUsageError(
absl::StrCat(
"Retired flag '", flag.Name(), "' was defined normally in file '",
(flag.IsRetired() ? old_flag.Filename() : flag.Filename()), "'."),
true);
} else if (flags_internal::PrivateHandleAccessor::TypeId(flag) !=
flags_internal::PrivateHandleAccessor::TypeId(old_flag)) {
Reported by FlawFinder.
Line: 143
Column: 17
CWE codes:
120
} else if (flags_internal::PrivateHandleAccessor::TypeId(flag) !=
flags_internal::PrivateHandleAccessor::TypeId(old_flag)) {
flags_internal::ReportUsageError(
absl::StrCat("Flag '", flag.Name(),
"' was defined more than once but with "
"differing types. Defined in files '",
old_flag.Filename(), "' and '", flag.Filename(), "'."),
true);
} else if (old_flag.IsRetired()) {
Reported by FlawFinder.
Line: 152
Column: 17
CWE codes:
120
return;
} else if (old_flag.Filename() != flag.Filename()) {
flags_internal::ReportUsageError(
absl::StrCat("Flag '", flag.Name(),
"' was defined more than once (in files '",
old_flag.Filename(), "' and '", flag.Filename(), "')."),
true);
} else {
flags_internal::ReportUsageError(
Reported by FlawFinder.
Line: 158
Column: 17
CWE codes:
120
true);
} else {
flags_internal::ReportUsageError(
absl::StrCat(
"Something is wrong with flag '", flag.Name(), "' in file '",
flag.Filename(), "'. One possibility: file '", flag.Filename(),
"' is being linked both statically and dynamically into this "
"executable. e.g. some files listed as srcs to a test and also "
"listed as srcs of some shared lib deps of the same test."),
Reported by FlawFinder.
Line: 267
Column: 15
CWE codes:
120
// Reports a usage error naming the retired flag that was accessed.
// The message is assembled by absl::StrCat, which returns a std::string; this
// call passes no caller-owned fixed-size character buffer as a destination.
void OnAccess() const {
  const auto message = absl::StrCat("Accessing retired flag '", name_, "'");
  flags_internal::ReportUsageError(message, false);
}
// Data members
const char* const name_;
const FlagFastTypeId type_id_;
Reported by FlawFinder.
src/third_party/wiredtiger/test/suite/test_gc05.py
6 issues
Line: 96
Column: 5
ckpt_cursor.close()
if __name__ == '__main__':
wttest.run()
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 34
Column: 1
# test_gc05.py
# Verify a locked checkpoint is not removed during garbage collection.
class test_gc05(test_gc_base):
conn_config = 'cache_size=50MB,log=(enabled),statistics=(all)'
session_config = 'isolation=snapshot'
def test_gc(self):
uri = "table:gc05"
Reported by Pylint.
Line: 34
Column: 1
# test_gc05.py
# Verify a locked checkpoint is not removed during garbage collection.
class test_gc05(test_gc_base):
conn_config = 'cache_size=50MB,log=(enabled),statistics=(all)'
session_config = 'isolation=snapshot'
def test_gc(self):
uri = "table:gc05"
Reported by Pylint.
Line: 38
Column: 5
conn_config = 'cache_size=50MB,log=(enabled),statistics=(all)'
session_config = 'isolation=snapshot'
def test_gc(self):
uri = "table:gc05"
create_params = 'value_format=S,key_format=i'
self.session.create(uri, create_params)
nrows = 10000
Reported by Pylint.
Line: 47
Column: 9
value_x = "xxxxx" * 100
value_y = "yyyyy" * 100
value_z = "zzzzz" * 100
ds = SimpleDataSet(
self, uri, 0, key_format="i", value_format="S", config='log=(enabled=false)')
ds.populate()
# Set the oldest and stable timestamps to 10.
self.conn.set_timestamp('oldest_timestamp=' + self.timestamp_str(10) +
Reported by Pylint.
site_scons/site_tools/mongo_test_list.py
6 issues
Line: 25
Column: 1
"""Pseudo-builders for building test lists for Resmoke"""
import SCons
from collections import defaultdict
TEST_REGISTRY = defaultdict(list)
Reported by Pylint.
Line: 71
Column: 12
)
def exists(env):
return True
def generate(env):
env["MONGO_TEST_REGISTRY"] = TEST_REGISTRY
Reported by Pylint.
Line: 26
Column: 1
"""Pseudo-builders for building test lists for Resmoke"""
import SCons
from collections import defaultdict
TEST_REGISTRY = defaultdict(list)
def register_test(env, file, test):
Reported by Pylint.
Line: 60
Column: 13
if source:
tests.extend(source)
for s in tests:
ofile.write("{}\n".format(str(s)))
TEST_LIST_BUILDER = SCons.Builder.Builder(
action=SCons.Action.FunctionAction(
Reported by Pylint.
Line: 71
Column: 1
)
def exists(env):
return True
def generate(env):
env["MONGO_TEST_REGISTRY"] = TEST_REGISTRY
Reported by Pylint.
Line: 75
Column: 1
return True
def generate(env):
env["MONGO_TEST_REGISTRY"] = TEST_REGISTRY
env.Append(BUILDERS={"TestList": TEST_LIST_BUILDER})
env.AddMethod(register_test, "RegisterTest")
Reported by Pylint.
src/third_party/abseil-cpp-master/abseil-cpp/absl/base/internal/unaligned_access.h
6 issues
Line: 40
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copies sizeof(uint16_t) bytes from p into a local and returns it.
// The copy length is the size of the local destination, so the destination
// cannot be overrun; the caller must guarantee that p points to at least that
// many readable bytes.
inline uint16_t UnalignedLoad16(const void *p) {
  uint16_t value;
  memcpy(&value, p, sizeof(value));
  return value;
}
inline uint32_t UnalignedLoad32(const void *p) {
uint32_t t;
Reported by FlawFinder.
Line: 46
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copies sizeof(uint32_t) bytes from p into a local and returns it.
// The copy length is the size of the local destination, so the destination
// cannot be overrun; the caller must guarantee that p points to at least that
// many readable bytes.
inline uint32_t UnalignedLoad32(const void *p) {
  uint32_t value;
  memcpy(&value, p, sizeof(value));
  return value;
}
inline uint64_t UnalignedLoad64(const void *p) {
uint64_t t;
Reported by FlawFinder.
Line: 52
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Copies sizeof(uint64_t) bytes from p into a local and returns it.
// The copy length is the size of the local destination, so the destination
// cannot be overrun; the caller must guarantee that p points to at least that
// many readable bytes.
inline uint64_t UnalignedLoad64(const void *p) {
  uint64_t value;
  memcpy(&value, p, sizeof(value));
  return value;
}
// Writes the bytes of v to p. The copy length is sizeof(v), a compile-time
// constant, but the destination is caller-supplied: the caller must guarantee
// that p points to at least sizeof(uint16_t) writable bytes.
inline void UnalignedStore16(void *p, uint16_t v) {
  memcpy(p, &v, sizeof(v));
}
Reported by FlawFinder.
Line: 56
Column: 53
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return t;
}
// Each store writes the bytes of v to p. The copy length is sizeof(v), a
// compile-time constant, but the destination is caller-supplied: the caller
// must guarantee that p points to at least that many writable bytes.
inline void UnalignedStore16(void *p, uint16_t v) {
  memcpy(p, &v, sizeof(v));
}

inline void UnalignedStore32(void *p, uint32_t v) {
  memcpy(p, &v, sizeof(v));
}

inline void UnalignedStore64(void *p, uint64_t v) {
  memcpy(p, &v, sizeof(v));
}
Reported by FlawFinder.
Line: 58
Column: 53
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Each store writes the bytes of v to p. The copy length is sizeof(v), a
// compile-time constant, but the destination is caller-supplied: the caller
// must guarantee that p points to at least that many writable bytes.
inline void UnalignedStore16(void *p, uint16_t v) {
  memcpy(p, &v, sizeof(v));
}

inline void UnalignedStore32(void *p, uint32_t v) {
  memcpy(p, &v, sizeof(v));
}

inline void UnalignedStore64(void *p, uint64_t v) {
  memcpy(p, &v, sizeof(v));
}
} // namespace base_internal
ABSL_NAMESPACE_END
Reported by FlawFinder.
Line: 60
Column: 53
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Each store writes the bytes of v to p. The copy length is sizeof(v), a
// compile-time constant, but the destination is caller-supplied: the caller
// must guarantee that p points to at least that many writable bytes.
inline void UnalignedStore32(void *p, uint32_t v) {
  memcpy(p, &v, sizeof(v));
}

inline void UnalignedStore64(void *p, uint64_t v) {
  memcpy(p, &v, sizeof(v));
}
} // namespace base_internal
ABSL_NAMESPACE_END
} // namespace absl
Reported by FlawFinder.