The following issues were found
src/third_party/boost/boost/random/mersenne_twister.hpp
4 issues
Line: 37
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instantiations of class template mersenne_twister_engine model a
* \pseudo_random_number_generator. It uses the algorithm described in
*
Reported by FlawFinder.
Line: 670
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
Reported by FlawFinder.
Line: 671
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt11213b)
Reported by FlawFinder.
Line: 672
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
using random::mt11213b;
using random::mt19937;
using random::mt19937_64;
} // namespace boost
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt11213b)
BOOST_RANDOM_PTR_HELPER_SPEC(boost::mt19937)
Reported by FlawFinder.
src/third_party/boost/boost/random/hyperexponential_distribution.hpp
4 issues
Line: 44
Column: 29
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <vector>
namespace boost { namespace random {
namespace hyperexp_detail {
template <typename T>
std::vector<T>& normalize(std::vector<T>& v)
Reported by FlawFinder.
Line: 755
Column: 23
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
{
const int i = dd_(urng);
return boost::random::exponential_distribution<RealT>(rates_[i])(urng);
}
/**
* Gets a random variate distributed according to the hyperexponential
* distribution with parameters specified by \c param.
Reported by FlawFinder.
Line: 817
Column: 35
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
/** Sets the parameters of the distribution. */
public: void param(param_type const& param)
{
dd_.param(typename boost::random::discrete_distribution<int,RealT>::param_type(param.probabilities()));
rates_ = param.rates();
}
/**
* Effects: Subsequent uses of the distribution do not depend
Reported by FlawFinder.
Line: 865
Column: 21
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
public: BOOST_RANDOM_DETAIL_INEQUALITY_OPERATOR(hyperexponential_distribution)
private: boost::random::discrete_distribution<int,RealT> dd_; ///< The \c discrete_distribution used to sample the phase probability and choose the rate
private: std::vector<RealT> rates_; ///< The <em>rate vector</em> parameter of the distribution
}; // hyperexponential_distribution
}} // namespace boost::random
Reported by FlawFinder.
src/third_party/boost/boost/random/gamma_distribution.hpp
4 issues
Line: 28
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/exponential_distribution.hpp>
namespace boost {
namespace random {
// The algorithm is taken from Knuth
/**
* The gamma distribution is a continuous distribution with two
Reported by FlawFinder.
Line: 288
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::gamma_distribution;
} // namespace boost
#endif // BOOST_RANDOM_GAMMA_DISTRIBUTION_HPP
Reported by FlawFinder.
Line: 260
Column: 10
CWE codes:
120
20
/// \cond hide_private_members
template<class CharT, class Traits>
void read(std::basic_istream<CharT, Traits>& is)
{
param_type parm;
if(is >> parm) {
param(parm);
}
Reported by FlawFinder.
src/third_party/boost/boost/random/binomial_distribution.hpp
4 issues
Line: 26
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
namespace detail {
template<class RealType>
struct binomial_table {
Reported by FlawFinder.
Line: 428
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// backwards compatibility
using random::binomial_distribution;
}
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
Line: 219
Column: 12
CWE codes:
120
20
friend std::basic_istream<CharT,Traits>&
operator>>(std::basic_istream<CharT,Traits>& is, binomial_distribution& bd)
{
bd.read(is);
return is;
}
#endif
/** Returns true if the two distributions will produce the same
Reported by FlawFinder.
Line: 244
Column: 10
CWE codes:
120
20
/// @cond show_private
template<class CharT, class Traits>
void read(std::basic_istream<CharT, Traits>& is) {
param_type parm;
if(is >> parm) {
param(parm);
}
}
Reported by FlawFinder.
src/third_party/boost/boost/move/detail/meta_utils.hpp
4 issues
Line: 80
Column: 4
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct no_type
{
char _[2];
};
//////////////////////////////////////
// natify
//////////////////////////////////////
Reported by FlawFinder.
Line: 233
Column: 21
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template<class T>
struct is_class_or_union
{
struct twochar { char dummy[2]; };
template <class U>
static char is_class_or_union_tester(void(U::*)(void));
template <class U>
static twochar is_class_or_union_tester(...);
static const bool value = sizeof(is_class_or_union_tester<T>(0)) == sizeof(char);
Reported by FlawFinder.
Line: 281
Column: 17
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template <class T>
struct has_pointer_type
{
struct two { char c[2]; };
template <class U> static two test(...);
template <class U> static char test(typename U::pointer* = 0);
static const bool value = sizeof(test<T>(0)) == 1;
};
Reported by FlawFinder.
Line: 307
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
typedef typename add_lvalue_reference<T>::type t_reference;
typedef char true_t;
class false_t { char dummy[2]; };
static false_t dispatch(...);
static true_t dispatch(U);
static t_reference trigger();
public:
static const bool value = sizeof(dispatch(trigger())) == sizeof(true_t);
Reported by FlawFinder.
src/third_party/boost/boost/move/detail/nsec_clock.hpp
4 issues
Line: 140
Column: 20
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
{
nanosecond_type wall;
nanosecond_type user;
nanosecond_type system;
void clear() { wall = user = system = 0; }
};
Reported by FlawFinder.
Line: 192
Column: 47
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
get_cpu_times(current);
m_times.wall = (current.wall - m_times.wall);
m_times.user = (current.user - m_times.user);
m_times.system = (current.system - m_times.system);
}
inline cpu_times cpu_timer::elapsed() const BOOST_NOEXCEPT
{
if (is_stopped())
Reported by FlawFinder.
Line: 203
Column: 30
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
get_cpu_times(current);
current.wall -= m_times.wall;
current.user -= m_times.user;
current.system -= m_times.system;
return current;
}
inline void cpu_timer::resume() BOOST_NOEXCEPT
{
Reported by FlawFinder.
Line: 215
Column: 33
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
start();
m_times.wall -= current.wall;
m_times.user -= current.user;
m_times.system -= current.system;
}
}
Reported by FlawFinder.
src/third_party/boost/boost/random/shuffle_order.hpp
4 issues
Line: 33
Column: 11
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
#include <boost/random/detail/disable_warnings.hpp>
namespace boost {
namespace random {
/**
* Instatiations of class template @c shuffle_order_engine model a
* \pseudo_random_number_generator. It mixes the output
* of some (usually \linear_congruential_engine)
Reported by FlawFinder.
Line: 133
Column: 33
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
result_type operator()() {
// calculating the range every time may seem wasteful. However, this
// makes the information locally available for the optimizer.
typedef typename boost::random::traits::make_unsigned<result_type>::type base_unsigned;
const base_unsigned brange =
detail::subtract<result_type>()((max)(), (min)());
const base_unsigned off =
detail::subtract<result_type>()(y, (min)());
Reported by FlawFinder.
Line: 263
Column: 7
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
} // namespace random
using random::kreutzer1986;
} // namespace boost
#include <boost/random/detail/enable_warnings.hpp>
Reported by FlawFinder.
Line: 204
Column: 53
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/** Returns true if the two generators will produce identical sequences. */
BOOST_RANDOM_DETAIL_EQUALITY_OPERATOR(shuffle_order_engine, x, y)
{ return x._rng == y._rng && x.y == y.y && std::equal(x.v, x.v+k, y.v); }
/** Returns true if the two generators will produce different sequences. */
BOOST_RANDOM_DETAIL_INEQUALITY_OPERATOR(shuffle_order_engine)
private:
Reported by FlawFinder.
src/third_party/boost/boost/iostreams/tee.hpp
4 issues
Line: 63
Column: 21
CWE codes:
120
20
{ }
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{
std::streamsize result = iostreams::read(src, s, n);
if (result != -1) {
std::streamsize result2 = iostreams::write(this->component(), s, result);
(void) result2; // Suppress 'unused variable' warning.
Reported by FlawFinder.
Line: 65
Column: 45
CWE codes:
120
20
template<typename Source>
std::streamsize read(Source& src, char_type* s, std::streamsize n)
{
std::streamsize result = iostreams::read(src, s, n);
if (result != -1) {
std::streamsize result2 = iostreams::write(this->component(), s, result);
(void) result2; // Suppress 'unused variable' warning.
BOOST_ASSERT(result == result2);
}
Reported by FlawFinder.
Line: 149
Column: 21
CWE codes:
120
20
tee_device(device_param device, sink_param sink)
: dev_(device), sink_(sink)
{ }
std::streamsize read(char_type* s, std::streamsize n)
{
BOOST_STATIC_ASSERT((
is_convertible<
BOOST_DEDUCED_TYPENAME iostreams::category_of<Device>::type, input
>::value
Reported by FlawFinder.
Line: 156
Column: 46
CWE codes:
120
20
BOOST_DEDUCED_TYPENAME iostreams::category_of<Device>::type, input
>::value
));
std::streamsize result1 = iostreams::read(dev_, s, n);
if (result1 != -1) {
std::streamsize result2 = iostreams::write(sink_, s, result1);
(void) result1; // Suppress 'unused variable' warning.
(void) result2;
BOOST_ASSERT(result1 == result2);
Reported by FlawFinder.
src/mongo/rpc/op_legacy_integration_test.cpp
4 issues
Line: 114
return cursorId;
}
TEST(OpLegacy, DeprecatedWriteOpsCounters) {
auto conn = getIntegrationTestConnection();
const std::string ns = "testOpLegacy.DeprecatedWriteOpsCounters";
// Cache the counters prior to running the deprecated requests.
auto serverStatusCmd = fromjson("{serverStatus: 1}");
Reported by Cppcheck.
Line: 161
Column: 41
CWE codes:
120
20
void assertFailure(const Message response, StringData expectedErr) {
QueryResult::ConstView qr = response.singleData().view2ptr();
BufReader responseData(qr.data(), qr.dataLen());
BSONObj responseBody = responseData.read<BSONObj>();
ASSERT_FALSE(responseBody["ok"].trueValue()) << responseBody;
ASSERT_EQ(5739101, responseBody["code"].Int()) << responseBody;
ASSERT_NE(getErrField(responseBody).checkAndGetStringData().find(expectedErr),
std::string::npos)
Reported by FlawFinder.
Line: 389
Column: 24
CWE codes:
120
20
ASSERT(conn->call(opQuery, replyQuery));
QueryResult::ConstView qr = replyQuery.singleData().view2ptr();
BufReader data(qr.data(), qr.dataLen());
BSONObj obj = data.read<BSONObj>();
auto status = getStatusFromCommandResult(obj);
ASSERT_EQ(status.code(), ErrorCodes::UnsupportedOpQueryCommand);
// The logic around log severity for the deprecation logging is tested elsewhere. Here we check
// that it gets logged at all.
Reported by FlawFinder.
Line: 426
Column: 24
CWE codes:
120
20
ASSERT(conn->call(opQuery, replyQuery));
QueryResult::ConstView qr = replyQuery.singleData().view2ptr();
BufReader data(qr.data(), qr.dataLen());
BSONObj obj = data.read<BSONObj>();
auto status = getStatusFromCommandResult(obj);
ASSERT_EQ(status.code(), code);
ASSERT_FALSE(wasLogged(conn.get(), "query", ""));
Reported by FlawFinder.
src/third_party/wiredtiger/src/utilities/util_misc.c
4 issues
Line: 29
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
(void)fprintf(stderr, "%s: ", progname);
if (fmt != NULL) {
va_start(ap, fmt);
(void)vfprintf(stderr, fmt, ap);
va_end(ap);
if (e != 0)
(void)fprintf(stderr, ": ");
}
if (e != 0)
Reported by FlawFinder.
Line: 136
Column: 11
CWE codes:
126
size_t len;
char *buf;
len = strlen(uri) + 100;
if ((buf = malloc(len)) == NULL)
return (util_err(session, errno, NULL));
if ((ret = __wt_snprintf(buf, len, "target=(\"%s\")", uri)) != 0) {
free(buf);
Reported by FlawFinder.
Line: 171
Column: 51
CWE codes:
126
fprintf(stderr, "%s\n", tag);
if (list != NULL)
for (p = list; *p != NULL; p += 2)
fprintf(stderr, " %s%s%s\n", p[0], strlen(p[0]) > 2 ? "\n " : " ", p[1]);
}
Reported by FlawFinder.