The following issues were found

src/mongo/rpc/op_legacy_integration_test.cpp
4 issues
syntax error
Error

Line: 114 

                  return cursorId;
}

TEST(OpLegacy, DeprecatedWriteOpsCounters) {
    auto conn = getIntegrationTestConnection();
    const std::string ns = "testOpLegacy.DeprecatedWriteOpsCounters";

    // Cache the counters prior to running the deprecated requests.
    auto serverStatusCmd = fromjson("{serverStatus: 1}");

Reported by Cppcheck.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 161 Column: 41 CWE codes: 120 20 

              void assertFailure(const Message response, StringData expectedErr) {
    QueryResult::ConstView qr = response.singleData().view2ptr();
    BufReader responseData(qr.data(), qr.dataLen());
    BSONObj responseBody = responseData.read<BSONObj>();

    ASSERT_FALSE(responseBody["ok"].trueValue()) << responseBody;
    ASSERT_EQ(5739101, responseBody["code"].Int()) << responseBody;
    ASSERT_NE(getErrField(responseBody).checkAndGetStringData().find(expectedErr),
              std::string::npos)

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 389 Column: 24 CWE codes: 120 20 

                  ASSERT(conn->call(opQuery, replyQuery));
    QueryResult::ConstView qr = replyQuery.singleData().view2ptr();
    BufReader data(qr.data(), qr.dataLen());
    BSONObj obj = data.read<BSONObj>();
    auto status = getStatusFromCommandResult(obj);
    ASSERT_EQ(status.code(), ErrorCodes::UnsupportedOpQueryCommand);

    // The logic around log severity for the deprecation logging is tested elsewhere. Here we check
    // that it gets logged at all.

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 426 Column: 24 CWE codes: 120 20 

                  ASSERT(conn->call(opQuery, replyQuery));
    QueryResult::ConstView qr = replyQuery.singleData().view2ptr();
    BufReader data(qr.data(), qr.dataLen());
    BSONObj obj = data.read<BSONObj>();
    auto status = getStatusFromCommandResult(obj);
    ASSERT_EQ(status.code(), code);

    ASSERT_FALSE(wasLogged(conn.get(), "query", ""));

Reported by FlawFinder.

src/third_party/boost/boost/iostreams/code_converter.hpp
4 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 157 Column: 10 CWE codes: 362 

                  }

    template <class T>
    void open(const T& dev, std::streamsize buffer_size)
    {
        if (flags_ & f_open)
            boost::throw_exception(BOOST_IOSTREAMS_FAILURE("already open"));
        if (buffer_size == -1)
            buffer_size = default_filter_buffer_size;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 291 Column: 16 CWE codes: 362 

                  template<typename T> // Used for forwarding.
    void open_impl(const T& t BOOST_IOSTREAMS_CONVERTER_PARAMS()) 
    { 
        impl().open(t BOOST_IOSTREAMS_CONVERTER_ARGS()); 
    }

    const codecvt_type& cvt() { return impl().cvt_.get(); }
    device_type& dev() { return impl().dev(); }
    buffer_type& in() { return impl().buf_.first(); }

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 279 Column: 21 CWE codes: 120 20 

              
        // Device interface.

    std::streamsize read(char_type*, std::streamsize);
    std::streamsize write(const char_type*, std::streamsize);
    void imbue(const std::locale& loc) { impl().cvt_.imbue(loc); }

        // Direct device access.

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 306 Column: 56 CWE codes: 120 20 

              // Implementation note: if end of stream contains a partial character,
// it is ignored.
template<typename Device, typename Codevt, typename Alloc>
std::streamsize code_converter<Device, Codevt, Alloc>::read
    (char_type* s, std::streamsize n)
{
    const extern_type*   next;        // Next external char.
    intern_type*         nint;        // Next internal char.
    std::streamsize      total = 0;   // Characters read.

Reported by FlawFinder.

src/third_party/boost/boost/iostreams/chain.hpp
4 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 330 Column: 30 CWE codes: 362 

                                  flags_ &= ~f_open;
                    stream_buffer< basic_null_device<Ch, Mode> > null;
                    if ((flags_ & f_complete) == 0) {
                        null.open(basic_null_device<Ch, Mode>());
                        set_next(links_.back(), &null);
                    }
                    links_.front()->BOOST_IOSTREAMS_PUBSYNC();
                    try {
                        boost::iostreams::detail::execute_foreach(

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 161 Column: 21 CWE codes: 120 20 

              
    //----------Device interface----------------------------------------------//

    std::streamsize read(char_type* s, std::streamsize n);
    std::streamsize write(const char_type* s, std::streamsize n);
    std::streampos seek(stream_offset off, BOOST_IOS::seekdir way);

    //----------Direct component access---------------------------------------//

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 515 Column: 63 CWE codes: 120 20 

              //--------------Implementation of chain_base----------------------------------//

template<typename Self, typename Ch, typename Tr, typename Alloc, typename Mode>
inline std::streamsize chain_base<Self, Ch, Tr, Alloc, Mode>::read
    (char_type* s, std::streamsize n)
{ return iostreams::read(*list().front(), s, n); }

template<typename Self, typename Ch, typename Tr, typename Alloc, typename Mode>
inline std::streamsize chain_base<Self, Ch, Tr, Alloc, Mode>::write

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 517 Column: 21 CWE codes: 120 20 

              template<typename Self, typename Ch, typename Tr, typename Alloc, typename Mode>
inline std::streamsize chain_base<Self, Ch, Tr, Alloc, Mode>::read
    (char_type* s, std::streamsize n)
{ return iostreams::read(*list().front(), s, n); }

template<typename Self, typename Ch, typename Tr, typename Alloc, typename Mode>
inline std::streamsize chain_base<Self, Ch, Tr, Alloc, Mode>::write
    (const char_type* s, std::streamsize n)
{ return iostreams::write(*list().front(), s, n); }

Reported by FlawFinder.

src/third_party/boost/boost/iostreams/checked_operations.hpp
4 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 53 Column: 45 CWE codes: 120 20 

              read_if(T& t, typename char_type_of<T>::type* s, std::streamsize n)
{ 
    typedef typename detail::dispatch<T, input, output>::type tag;
    return detail::read_write_if_impl<tag>::read(t, s, n);
}

template<typename T>
bool put_if(T& t, typename char_type_of<T>::type c)
{

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 93 Column: 5 CWE codes: 120 20 

              
    template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    { return iostreams::read(t, s, n); }

    template<typename T>
    static bool put(T&, typename char_type_of<T>::type)
    { boost::throw_exception(cant_write());

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 94 Column: 25 CWE codes: 120 20 

                  template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    { return iostreams::read(t, s, n); }

    template<typename T>
    static bool put(T&, typename char_type_of<T>::type)
    { boost::throw_exception(cant_write());
      BOOST_IOSTREAMS_UNREACHABLE_RETURN(false) }

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 117 Column: 5 CWE codes: 120 20 

              
    template<typename T>
    static std::streamsize
    read(T&, typename char_type_of<T>::type*, std::streamsize)
    { boost::throw_exception(cant_read());
      BOOST_IOSTREAMS_UNREACHABLE_RETURN(0) }

    template<typename T>
    static bool put(T& t, typename char_type_of<T>::type c)

Reported by FlawFinder.

src/third_party/wiredtiger/src/utilities/util_misc.c
4 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 29 Column: 15 CWE codes: 134
Suggestion: Use a constant for the format specification 

                  (void)fprintf(stderr, "%s: ", progname);
    if (fmt != NULL) {
        va_start(ap, fmt);
        (void)vfprintf(stderr, fmt, ap);
        va_end(ap);
        if (e != 0)
            (void)fprintf(stderr, ": ");
    }
    if (e != 0)

Reported by FlawFinder.

getchar - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 61 Column: 19 CWE codes: 120 20 

                      l->memsize = 1024;
    }
    for (len = 0;; ++len) {
        if ((ch = getchar()) == EOF) {
            if (len == 0) {
                if (eof_expected) {
                    *eofp = true;
                    return (0);
                }

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 136 Column: 11 CWE codes: 126 

                  size_t len;
    char *buf;

    len = strlen(uri) + 100;
    if ((buf = malloc(len)) == NULL)
        return (util_err(session, errno, NULL));

    if ((ret = __wt_snprintf(buf, len, "target=(\"%s\")", uri)) != 0) {
        free(buf);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 171 Column: 51 CWE codes: 126 

                      fprintf(stderr, "%s\n", tag);
    if (list != NULL)
        for (p = list; *p != NULL; p += 2)
            fprintf(stderr, "    %s%s%s\n", p[0], strlen(p[0]) > 2 ? "\n        " : "  ", p[1]);
}

Reported by FlawFinder.

src/third_party/boost/boost/random/uniform_01.hpp
4 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 29 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              #include <boost/random/detail/disable_warnings.hpp>

namespace boost {
namespace random {

#ifdef BOOST_RANDOM_DOXYGEN

/**
 * The distribution function uniform_01 models a \random_distribution.

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 124 Column: 18 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              template<class UniformRandomNumberGenerator, class RealType>
class backward_compatible_uniform_01
{
  typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:
  typedef UniformRandomNumberGenerator base_type;
  typedef RealType result_type;

  BOOST_STATIC_CONSTANT(bool, has_fixed_range = false);

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 218 Column: 18 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                : public detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type
{
  typedef typename detail::select_uniform_01<UniformRandomNumberGenerator>::BOOST_NESTED_TEMPLATE apply<RealType>::type impl_type;
  typedef boost::random::detail::ptr_helper<UniformRandomNumberGenerator> traits;
public:

  uniform_01() {}

  explicit uniform_01(typename traits::rvalue_type rng)

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 251 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

              
} // namespace random

using random::uniform_01;

} // namespace boost

#include <boost/random/detail/enable_warnings.hpp>

Reported by FlawFinder.

src/third_party/boost/boost/date_time/local_time/local_time_io.hpp
4 issues
setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 106 Column: 20 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                      // if the user wants exceptions on failbit, we'll rethrow our 
        // date_time exception & set the failbit
        if(std::ios_base::failbit & exception_mask) {
          try { is.setstate(std::ios_base::failbit); }
          catch(std::ios_base::failure&) {} // ignore this one
          throw; // rethrow original exception
        }
        else {
          // if the user want's to fail quietly, we simply set the failbit

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 112 Column: 14 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                      }
        else {
          // if the user want's to fail quietly, we simply set the failbit
          is.setstate(std::ios_base::failbit);
        }

      }
    }
    return is;

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 172 Column: 20 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                    catch(...) {
        std::ios_base::iostate exception_mask = is.exceptions();
        if(std::ios_base::failbit & exception_mask) {
          try { is.setstate(std::ios_base::failbit); }
          catch(std::ios_base::failure&) {}
          throw; // rethrow original exception
        }
        else {
          is.setstate(std::ios_base::failbit);

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 177 Column: 14 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values 

                        throw; // rethrow original exception
        }
        else {
          is.setstate(std::ios_base::failbit);
        }

      }
    }
    return is;

Reported by FlawFinder.

src/third_party/boost/boost/container_hash/detail/float_functions.hpp
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 127 Column: 40 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      // A type for detecting the return type of functions.

        template <typename T> struct is;
        template <> struct is<float> { char x[10]; };
        template <> struct is<double> { char x[20]; };
        template <> struct is<long double> { char x[30]; };
        template <> struct is<boost::hash_detail::not_found> { char x[40]; };
            
        // Used to convert the return type of a function to a type for sizeof.

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 128 Column: 41 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
        template <typename T> struct is;
        template <> struct is<float> { char x[10]; };
        template <> struct is<double> { char x[20]; };
        template <> struct is<long double> { char x[30]; };
        template <> struct is<boost::hash_detail::not_found> { char x[40]; };
            
        // Used to convert the return type of a function to a type for sizeof.

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 129 Column: 46 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      template <typename T> struct is;
        template <> struct is<float> { char x[10]; };
        template <> struct is<double> { char x[20]; };
        template <> struct is<long double> { char x[30]; };
        template <> struct is<boost::hash_detail::not_found> { char x[40]; };
            
        // Used to convert the return type of a function to a type for sizeof.

        template <typename T> is<T> float_type(T);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 130 Column: 64 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                      template <> struct is<float> { char x[10]; };
        template <> struct is<double> { char x[20]; };
        template <> struct is<long double> { char x[30]; };
        template <> struct is<boost::hash_detail::not_found> { char x[40]; };
            
        // Used to convert the return type of a function to a type for sizeof.

        template <typename T> is<T> float_type(T);

Reported by FlawFinder.

src/mongo/installer/msi/ca/CustomAction.cpp
4 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 74 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              HRESULT LogMessage(MSIHANDLE hInstall, INSTALLMESSAGE eMessageType, char const* format, ...) {
    va_list args;
    const size_t bufSize = 4096;
    char buf[bufSize];

    va_start(args, format);
    vsnprintf_s(buf, bufSize, format, args);
    va_end(args);

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 312 Column: 15 CWE codes: 120 20 

              
        LOG_INFO("CA - Reading file - %d bytes", bufSize);

        DWORD read;
        if (!ReadFile(hFile, (void*)buf.get(), bufSize, &read, NULL)) {
            CHECKGLE_AND_LOG("Failed to read yaml file");
        }

        buf.get()[read] = '\0';

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 313 Column: 58 CWE codes: 120 20 

                      LOG_INFO("CA - Reading file - %d bytes", bufSize);

        DWORD read;
        if (!ReadFile(hFile, (void*)buf.get(), bufSize, &read, NULL)) {
            CHECKGLE_AND_LOG("Failed to read yaml file");
        }

        buf.get()[read] = '\0';

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 317 Column: 19 CWE codes: 120 20 

                          CHECKGLE_AND_LOG("Failed to read yaml file");
        }

        buf.get()[read] = '\0';

        LOG_INFO("CA - Reading file - '%s'", buf.get());

        std::string str(buf.get());

Reported by FlawFinder.

src/mongo/idl/idl_parser.h
4 issues
equal - Function does not check the second iterator for over-read conditions
Security

Line: 148 Column: 35 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              template <typename T>
struct Ordering {
    friend bool operator==(const Ordering& a, const Ordering& b) {
        return BasicOrderOps<T>{}.equal(a._v, b._v);
    }
    friend bool operator<(const Ordering& a, const Ordering& b) {
        return BasicOrderOps<T>{}.less(a._v, b._v);
    }
    friend bool operator!=(const Ordering& a, const Ordering& b) {

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 174 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              /** fallback case */
template <typename T>
struct BasicOrderOps {
    bool equal(const T& a, const T& b) const {
        return a == b;
    }
    bool less(const T& a, const T& b) const {
        return a < b;
    }

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 184 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              
template <>
struct BasicOrderOps<BSONObj> {
    bool equal(const BSONObj& a, const BSONObj& b) const {
        return _cmp(a, b) == 0;
    }

    bool less(const BSONObj& a, const BSONObj& b) const {
        return _cmp(a, b) < 0;

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 201 Column: 10 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it 

              /** Disengaged optionals precede engaged optionals. */
template <typename T>
struct BasicOrderOps<boost::optional<T>> {
    bool equal(const boost::optional<T>& a, const boost::optional<T>& b) const {
        return (!a || !b) ? (!!a == !!b) : (Ordering{*a} == Ordering{*b});
    }

    bool less(const boost::optional<T>& a, const boost::optional<T>& b) const {
        return (!a || !b) ? (!!a < !!b) : (Ordering{*a} < Ordering{*b});

Reported by FlawFinder.