The following issues were found

src/third_party/mozjs-60/extract/js/src/jit/arm64/vixl/Instrument-vixl.cpp
4 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 232 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

                // and the output file, and exit.
  static const char* error_message =
    "# Error: Unknown counter \"%s\". Exiting.\n";
  fprintf(stderr, error_message, name);
  fprintf(output_stream_, error_message, name);
  exit(1);
}

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 233 Column: 3 CWE codes: 134
Suggestion: Use a constant for the format specification 

                static const char* error_message =
    "# Error: Unknown counter \"%s\". Exiting.\n";
  fprintf(stderr, error_message, name);
  fprintf(output_stream_, error_message, name);
  exit(1);
}


void Instrument::Enable() {

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 127 Column: 22 CWE codes: 362 

                // Set up the output stream. If datafile is non-NULL, use that file. If it
  // can't be opened, or datafile is NULL, use stdout.
  if (datafile != NULL) {
    output_stream_ = fopen(datafile, "w");
    if (output_stream_ == NULL) {
      printf("Can't open output file %s. Using stdout.\n", datafile);
      output_stream_ = stdout;
    }
  }

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 36 Column: 3 CWE codes: 120 

              Counter::Counter(const char* name, CounterType type)
    : count_(0), enabled_(false), type_(type) {
  VIXL_ASSERT(name != NULL);
  strncpy(name_, name, kCounterNameMaxLength);
}


void Counter::Enable() {
  enabled_ = true;

Reported by FlawFinder.

buildscripts/utils.py
4 issues
Consider possible security implications associated with subprocess module.
Security blacklist

Line: 7
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess 

              import re
import os
import os.path
import subprocess
import sys


def get_git_branch():
    """Return the git branch version."""

Reported by Bandit.

Starting a process with a partial executable path
Security injection

Line: 59
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b607_start_process_with_partial_path.html 

              def get_git_describe():
    """Return 'git describe --abbrev=7'."""
    with open(os.devnull, "r+") as devnull:
        proc = subprocess.Popen("git describe --abbrev=7", stdout=subprocess.PIPE, stderr=devnull,
                                stdin=devnull, shell=True)
        return proc.communicate()[0].strip().decode('utf-8')


def execsys(args):

Reported by Bandit.

subprocess call with shell=True seems safe, but may be changed in the future, consider rewriting without shell
Security injection

Line: 60
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html 

                  """Return 'git describe --abbrev=7'."""
    with open(os.devnull, "r+") as devnull:
        proc = subprocess.Popen("git describe --abbrev=7", stdout=subprocess.PIPE, stderr=devnull,
                                stdin=devnull, shell=True)
        return proc.communicate()[0].strip().decode('utf-8')


def execsys(args):
    """Execute a subprocess of 'args'."""

Reported by Bandit.

subprocess call - check for execution of untrusted input.
Security injection

Line: 69
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html 

                  if isinstance(args, str):
        rc = re.compile(r"\s+")
        args = rc.split(args)
    proc = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    res = proc.communicate()
    return res


def which(executable):

Reported by Bandit.

src/third_party/mozjs-60/extract/js/src/jit/arm/MacroAssembler-arm.h
4 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 473 Column: 53 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

                  }

    // `outAny` is valid if and only if `out64` == Register64::Invalid().
    void wasmLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase, Register ptr,
                      Register ptrScratch, AnyRegister outAny, Register64 out64);

    // `valAny` is valid if and only if `val64` == Register64::Invalid().
    void wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valAny, Register64 val64,
                       Register memoryBase, Register ptr, Register ptrScratch);

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 477 Column: 54 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

                                    Register ptrScratch, AnyRegister outAny, Register64 out64);

    // `valAny` is valid if and only if `val64` == Register64::Invalid().
    void wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valAny, Register64 val64,
                       Register memoryBase, Register ptr, Register ptrScratch);

  protected:
    // `outAny` is valid if and only if `out64` == Register64::Invalid().
    void wasmUnalignedLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase,

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 482 Column: 62 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              
  protected:
    // `outAny` is valid if and only if `out64` == Register64::Invalid().
    void wasmUnalignedLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase,
                               Register ptr, Register ptrScratch, AnyRegister outAny,
                               Register64 out64, Register tmp1, Register tmp2, Register tmp3);

    // The value to be stored is in `floatValue` (if not invalid), `val64` (if not invalid),
    // or in `valOrTmp` (if `floatValue` and `val64` are both invalid).  Note `valOrTmp` must

Reported by FlawFinder.

access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 489 Column: 63 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

                  // The value to be stored is in `floatValue` (if not invalid), `val64` (if not invalid),
    // or in `valOrTmp` (if `floatValue` and `val64` are both invalid).  Note `valOrTmp` must
    // always be valid.
    void wasmUnalignedStoreImpl(const wasm::MemoryAccessDesc& access, FloatRegister floatValue,
                                Register64 val64, Register memoryBase, Register ptr,
                                Register ptrScratch, Register valOrTmp);

  private:
    // Loads `byteSize` bytes, byte by byte, by reading from ptr[offset],

Reported by FlawFinder.

src/third_party/wiredtiger/test/cursor_order/cursor_order_ops.c
4 issues
atol - Unless checked, the resulting number can exceed the expected range
Security

Line: 175 Column: 34 CWE codes: 190
Suggestion: If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended) 

              
        if (cfg->ftype == ROW) {
            testutil_check(cursor->get_key(cursor, &strkey));
            this_key = (uint64_t)atol(strkey);
        } else
            testutil_check(cursor->get_key(cursor, (uint64_t *)&this_key));

        if (i == 0 && this_key < initial_key_range)
            testutil_die(ret,

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 203 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_SESSION *session;
    uintmax_t id;
    uint64_t i;
    char tid[128];

    id = (uintmax_t)arg;
    s = &run_info[id];
    cfg = s->cfg;
    testutil_check(__wt_thread_str(tid, sizeof(tid)));

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 239 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_ITEM *value, _value;
    size_t len;
    uint64_t keyno;
    char keybuf[64], valuebuf[64];

    WT_UNUSED(session);

    value = &_value;

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 278 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_SESSION *session;
    uintmax_t id;
    uint64_t i;
    char tid[128];

    id = (uintmax_t)arg;
    s = &run_info[id];
    cfg = s->cfg;
    testutil_check(__wt_thread_str(tid, sizeof(tid)));

Reported by FlawFinder.

src/mongo/bson/bson_obj_test.cpp
4 issues
syntax error
Error

Line: 44 

              namespace {
using namespace mongo;

TEST(BSONObjToString, EmptyArray) {
    const char text[] = "{ x: [] }";
    mongo::BSONObj o1 = mongo::fromjson(text);
    const std::string o1_str = o1.toString();
    ASSERT_EQUALS(text, o1_str);
}

Reported by Cppcheck.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 196 Column: 49 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              #pragma warning(push)
#pragma warning(disable : 4056)  // warning C4056: overflow in floating-point constant arithmetic
#endif
        invariant(static_cast<double>(minLL) == equal);
        invariant(static_cast<long long>(equal) == minLL);
#if defined(_MSC_VER)
#pragma warning(pop)
#endif

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 197 Column: 42 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              #pragma warning(disable : 4056)  // warning C4056: overflow in floating-point constant arithmetic
#endif
        invariant(static_cast<double>(minLL) == equal);
        invariant(static_cast<long long>(equal) == minLL);
#if defined(_MSC_VER)
#pragma warning(pop)
#endif

        ASSERT_BSONOBJ_LT(BSON("" << minLL), BSON("" << (minLL + 1)));

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 204 Column: 57 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              
        ASSERT_BSONOBJ_LT(BSON("" << minLL), BSON("" << (minLL + 1)));

        ASSERT_BSONOBJ_EQ(BSON("" << minLL), BSON("" << equal));
        ASSERT_BSONOBJ_LT(BSON("" << minLL), BSON("" << closestAbove));
        ASSERT_BSONOBJ_GT(BSON("" << minLL), BSON("" << closestBelow));
    }
}

Reported by FlawFinder.

src/third_party/wiredtiger/test/csuite/wt4117_checksum/main.c
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 75 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(crc32c, (uint32_t)0x48674bc7, len, "nul x4");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 80 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0x22620404, len, "known string #2");

    free(data);
}

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 74 Column: 11 CWE codes: 126 

                  crc32c = func(data, len);
    check(crc32c, (uint32_t)0x48674bc7, len, "nul x4");

    len = strlen("123456789");
    memcpy(data, "123456789", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 79 Column: 11 CWE codes: 126 

                  crc32c = func(data, len);
    check(crc32c, (uint32_t)0xe3069283, len, "known string #1");

    len = strlen("The quick brown fox jumps over the lazy dog");
    memcpy(data, "The quick brown fox jumps over the lazy dog", len);
    crc32c = func(data, len);
    check(crc32c, (uint32_t)0x22620404, len, "known string #2");

    free(data);

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/JitOptions.cpp
4 issues
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 44 Column: 17 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

              
template<typename T>
T overrideDefault(const char* param, T dflt) {
    char* str = getenv(param);
    if (!str)
        return dflt;
    if (IsBool<T>::value) {
        if (strcmp(str, "true") == 0 || strcmp(str, "yes") == 0)
            return true;

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 209 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // a function with the highest ionmonkey optimization level.
    // (i.e. OptimizationLevel_Normal)
    const char* forcedDefaultIonWarmUpThresholdEnv = "JIT_OPTION_forcedDefaultIonWarmUpThreshold";
    if (const char* env = getenv(forcedDefaultIonWarmUpThresholdEnv)) {
        Maybe<int> value = ParseInt(env);
        if (value.isSome())
            forcedDefaultIonWarmUpThreshold.emplace(value.ref());
        else
            Warn(forcedDefaultIonWarmUpThresholdEnv, env);

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 220 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // Same but for compiling small functions.
    const char* forcedDefaultIonSmallFunctionWarmUpThresholdEnv =
        "JIT_OPTION_forcedDefaultIonSmallFunctionWarmUpThreshold";
    if (const char* env = getenv(forcedDefaultIonSmallFunctionWarmUpThresholdEnv)) {
        Maybe<int> value = ParseInt(env);
        if (value.isSome())
            forcedDefaultIonSmallFunctionWarmUpThreshold.emplace(value.ref());
        else
            Warn(forcedDefaultIonSmallFunctionWarmUpThresholdEnv, env);

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 231 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them 

                  // Force the used register allocator instead of letting the optimization
    // pass decide.
    const char* forcedRegisterAllocatorEnv = "JIT_OPTION_forcedRegisterAllocator";
    if (const char* env = getenv(forcedRegisterAllocatorEnv)) {
        forcedRegisterAllocator = LookupRegisterAllocator(env);
        if (!forcedRegisterAllocator.isSome())
            Warn(forcedRegisterAllocatorEnv, env);
    }

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/JSJitFrameIter.h
4 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 444 Column: 26 CWE codes: 120 20 

                      return machine_->has(reg);
    }
    uintptr_t fromRegister(Register reg) const {
        return machine_->read(reg);
    }

    bool hasRegister(FloatRegister reg) const {
        return machine_->has(reg);
    }

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 451 Column: 26 CWE codes: 120 20 

                      return machine_->has(reg);
    }
    double fromRegister(FloatRegister reg) const {
        return machine_->read(reg);
    }

    // Read an uintptr_t from the stack.
    bool hasStack(int32_t offset) const {
        return true;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 565 Column: 11 CWE codes: 120 20 

                  SnapshotIterator(const JSJitFrameIter& iter, const MachineState* machineState);
    SnapshotIterator();

    Value read() {
        return allocationValue(readAllocation());
    }

    // Read the |Normal| value unless it is not available and that the snapshot
    // provides a |Default| value. This is useful to avoid invalidations of the

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 599 Column: 27 CWE codes: 120 20 

                      // Assumes that the common frame arguments have already been read.
        if (script->argumentsHasVarBinding()) {
            if (argsObj) {
                Value v = read();
                if (v.isObject())
                    *argsObj = &v.toObject().as<ArgumentsObject>();
            } else {
                skip();
            }

Reported by FlawFinder.

src/third_party/wiredtiger/test/csuite/wt6185_modify_ts/main.c
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 48 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              } list[MAX_OPS];
static u_int lnext;

static char *tlist[MAX_OPS * 100]; /* List of traced operations. */
static u_int tnext;

static uint64_t ts; /* Current timestamp. */

static char keystr[100], modify_repl[256], tmp[4 * 1024];

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
static uint64_t ts; /* Current timestamp. */

static char keystr[100], modify_repl[256], tmp[4 * 1024];
static uint64_t keyrecno;

static bool use_columns = false;

/*

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 184 Column: 12 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      entries[i].size = (size_t)mmrand(0, 10);
        trace("modify %d: off=%" WT_SIZET_FMT ", size=%" WT_SIZET_FMT ", data=\"%.*s\"", tag,
          entries[i].offset, entries[i].size, (int)entries[i].data.size,
          (char *)entries[i].data.data);
    }

    *nentriesp = (int)nentries;
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 318 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                  WT_SESSION *session;
    u_int i, j;
    int ch;
    char path[1024], table_config[128], value[VALUE_SIZE];
    const char *home, *v;
    bool no_checkpoint, no_eviction;

    (void)testutil_set_progname(argv);
    custom_die = trace_die;

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/IonTypes.h
4 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 290 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  static SimdConstant CreateX16(const int8_t* array) {
        SimdConstant cst;
        cst.type_ = Int8x16;
        memcpy(cst.u.i8x16, array, sizeof(cst.u));
        return cst;
    }
    static SimdConstant SplatX16(int8_t v) {
        SimdConstant cst;
        cst.type_ = Int8x16;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 302 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  static SimdConstant CreateX8(const int16_t* array) {
        SimdConstant cst;
        cst.type_ = Int16x8;
        memcpy(cst.u.i16x8, array, sizeof(cst.u));
        return cst;
    }
    static SimdConstant SplatX8(int16_t v) {
        SimdConstant cst;
        cst.type_ = Int16x8;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 314 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  static SimdConstant CreateX4(const int32_t* array) {
        SimdConstant cst;
        cst.type_ = Int32x4;
        memcpy(cst.u.i32x4, array, sizeof(cst.u));
        return cst;
    }
    static SimdConstant SplatX4(int32_t v) {
        SimdConstant cst;
        cst.type_ = Int32x4;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 326 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  static SimdConstant CreateX4(const float* array) {
        SimdConstant cst;
        cst.type_ = Float32x4;
        memcpy(cst.u.f32x4, array, sizeof(cst.u));
        return cst;
    }
    static SimdConstant SplatX4(float v) {
        SimdConstant cst;
        cst.type_ = Float32x4;

Reported by FlawFinder.