The following issues were found
src/third_party/abseil-cpp-master/abseil-cpp/absl/hash/internal/hash.h
4 issues
Line: 113
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
H finalize(H state);
private:
unsigned char buf_[PiecewiseChunkSize()];
size_t position_;
};
// HashStateBase
//
Reported by FlawFinder.
Line: 1007
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size_t size) {
if (position_ + size < PiecewiseChunkSize()) {
// This partial chunk does not fill our existing buffer
memcpy(buf_ + position_, data, size);
position_ += size;
return state;
}
// If the buffer is partially filled we need to complete the buffer
Reported by FlawFinder.
Line: 1016
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// and hash it.
if (position_ != 0) {
const size_t bytes_needed = PiecewiseChunkSize() - position_;
memcpy(buf_ + position_, data, bytes_needed);
state = H::combine_contiguous(std::move(state), buf_, PiecewiseChunkSize());
data += bytes_needed;
size -= bytes_needed;
}
Reported by FlawFinder.
Line: 1029
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
size -= PiecewiseChunkSize();
}
// Fill the buffer with the remainder
memcpy(buf_, data, size);
position_ = size;
return state;
}
// HashStateBase::PiecewiseCombiner::finalize()
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/internal/utf8_test.cc
4 issues
Line: 37
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0x0000FFFF, u8"\U0000FFFF"},
{0x0010FFFD, u8"\U0010FFFD"}};
for (auto &test : tests) {
char buf0[7] = {'\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00'};
char buf1[7] = {'\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF'};
char *buf0_written =
&buf0[absl::strings_internal::EncodeUTF8Char(buf0, test.first)];
char *buf1_written =
&buf1[absl::strings_internal::EncodeUTF8Char(buf1, test.first)];
Reported by FlawFinder.
Line: 38
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{0x0010FFFD, u8"\U0010FFFD"}};
for (auto &test : tests) {
char buf0[7] = {'\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00'};
char buf1[7] = {'\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF', '\xFF'};
char *buf0_written =
&buf0[absl::strings_internal::EncodeUTF8Char(buf0, test.first)];
char *buf1_written =
&buf1[absl::strings_internal::EncodeUTF8Char(buf1, test.first)];
int apparent_length = 7;
Reported by FlawFinder.
Line: 54
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
EXPECT_EQ(std::string(buf0, apparent_length), test.second);
EXPECT_EQ(std::string(buf1, apparent_length), test.second);
}
char buf[32] = "Don't Tread On Me";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf, 0x00110000),
absl::strings_internal::kMaxEncodedUTF8Size);
char buf2[32] = "Negative is invalid but sane";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf2, -1),
absl::strings_internal::kMaxEncodedUTF8Size);
Reported by FlawFinder.
Line: 57
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
char buf[32] = "Don't Tread On Me";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf, 0x00110000),
absl::strings_internal::kMaxEncodedUTF8Size);
char buf2[32] = "Negative is invalid but sane";
EXPECT_LE(absl::strings_internal::EncodeUTF8Char(buf2, -1),
absl::strings_internal::kMaxEncodedUTF8Size);
}
#if defined(__clang__)
#pragma clang diagnostic pop
Reported by FlawFinder.
src/mongo/db/initialize_server_global_state.cpp
4 issues
Line: 299
lv2Config.maxAttributeSizeKB = &gMaxLogAttributeSizeKB;
bool writeServerRestartedAfterLogConfig = false;
if (serverGlobalParams.logWithSyslog) {
#ifdef _WIN32
uasserted(ErrorCodes::InternalError,
"Syslog requested in Windows build; command line processor logic error");
#else
lv2Config.consoleEnabled = false;
Reported by Cppcheck.
Line: 242
Column: 26
CWE codes:
120
20
croak("closing write side of pipe failed");
char c;
ssize_t nr;
while ((nr = read(readyPipe[0], &c, 1)) == -1 && errno == EINTR) {
}
if (nr == -1)
croak("pipe read failed");
if (nr == 0)
// pipe reached eof without the daemon signalling readiness.
Reported by FlawFinder.
Line: 445
Column: 16
CWE codes:
732
// without modifying it.
// Do this conservatively by setting a short-lived umask of 0777
// in order to pull out the user portion of the current umask.
umask((umask(S_IRWXU | S_IRWXG | S_IRWXO) & S_IRWXU) | getUmaskOverride());
}
}
} // namespace
#endif
Reported by FlawFinder.
Line: 445
Column: 9
CWE codes:
732
// without modifying it.
// Do this conservatively by setting a short-lived umask of 0777
// in order to pull out the user portion of the current umask.
umask((umask(S_IRWXU | S_IRWXG | S_IRWXO) & S_IRWXU) | getUmaskOverride());
}
}
} // namespace
#endif
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/status/status_test.cc
4 issues
Line: 28
using ::testing::Optional;
using ::testing::UnorderedElementsAreArray;
TEST(StatusCode, InsertionOperator) {
const absl::StatusCode code = absl::StatusCode::kUnknown;
std::ostringstream oss;
oss << code;
EXPECT_EQ(oss.str(), absl::StatusCodeToString(code));
}
Reported by Cppcheck.
Line: 80
Column: 15
CWE codes:
120
// Ensure that the creator does, in fact, create status objects with the
// expected error code and message.
std::string message =
absl::StrCat("error code ", test.code, " test message");
absl::Status status = test.creator(message);
EXPECT_EQ(test.code, status.code());
EXPECT_EQ(message, status.message());
// Ensure that the classifier returns true for a status produced by the
Reported by FlawFinder.
Line: 168
Column: 31
CWE codes:
120
EXPECT_THAT(bad_status.GetPayload(kUrl1), Optional(Eq(kPayload3)));
// Testing dynamically generated type_url
bad_status.SetPayload(absl::StrCat(kUrl1, ".1"), absl::Cord(kPayload1));
EXPECT_THAT(bad_status.GetPayload(absl::StrCat(kUrl1, ".1")),
Optional(Eq(kPayload1)));
}
TEST(Status, TestErasePayload) {
Reported by FlawFinder.
Line: 169
Column: 43
CWE codes:
120
// Testing dynamically generated type_url
bad_status.SetPayload(absl::StrCat(kUrl1, ".1"), absl::Cord(kPayload1));
EXPECT_THAT(bad_status.GetPayload(absl::StrCat(kUrl1, ".1")),
Optional(Eq(kPayload1)));
}
TEST(Status, TestErasePayload) {
absl::Status bad_status(absl::StatusCode::kInternal, "fail");
Reported by FlawFinder.
src/third_party/wiredtiger/src/btree/bt_vrfy.c
4 issues
Line: 114
Column: 27
CWE codes:
120
20
Suggestion:
Specify a limit to %s, or use a different input function
*/
*quitp = true;
/* NOLINTNEXTLINE(cert-err34-c) */
if (v.len != 0 || sscanf(k.str, "%" SCNu64, &offset) != 1)
WT_RET_MSG(session, EINVAL, "unexpected dump offset format");
#if !defined(HAVE_DIAGNOSTIC)
WT_RET_MSG(session, ENOTSUP, "the WiredTiger library was not built in diagnostic mode");
#else
WT_TRET(__wt_debug_offset_blind(session, (wt_off_t)offset, NULL));
Reported by FlawFinder.
Line: 369
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
WT_ADDR_COPY addr;
WT_DECL_ITEM(tmp);
WT_DECL_RET;
char time_string[WT_TIME_STRING_SIZE];
WT_ERR(__wt_scr_alloc(session, 0, &tmp));
if (__wt_ref_addr_copy(session, ref, &addr)) {
WT_ERR(
Reported by FlawFinder.
Line: 731
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
WT_BTREE *btree;
WT_DECL_RET;
char tp_string[2][WT_TS_INT_STRING_SIZE];
bool start;
btree = S2BT(session);
start = true;
Reported by FlawFinder.
Line: 780
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wt_timestamp_t older_start_ts, older_stop_ts;
uint64_t hs_counter;
uint32_t hs_btree_id;
char ts_string[2][WT_TS_INT_STRING_SIZE];
btree = S2BT(session);
hs_btree_id = btree->id;
WT_RET(__wt_curhs_open(session, NULL, &hs_cursor));
F_SET(hs_cursor, WT_CURSTD_HS_READ_COMMITTED);
Reported by FlawFinder.
src/third_party/wiredtiger/src/block/block_ext.c
3 issues
Line: 1288
Column: 27
CWE codes:
126
WT_CLEAR(*el);
size =
(name == NULL ? 0 : strlen(name)) + strlen(".") + (extname == NULL ? 0 : strlen(extname) + 1);
WT_RET(__wt_calloc_def(session, size, &el->name));
WT_RET(__wt_snprintf(
el->name, size, "%s.%s", name == NULL ? "" : name, extname == NULL ? "" : extname));
el->offset = WT_BLOCK_INVALID_OFFSET;
Reported by FlawFinder.
Line: 1288
Column: 43
CWE codes:
126
WT_CLEAR(*el);
size =
(name == NULL ? 0 : strlen(name)) + strlen(".") + (extname == NULL ? 0 : strlen(extname) + 1);
WT_RET(__wt_calloc_def(session, size, &el->name));
WT_RET(__wt_snprintf(
el->name, size, "%s.%s", name == NULL ? "" : name, extname == NULL ? "" : extname));
el->offset = WT_BLOCK_INVALID_OFFSET;
Reported by FlawFinder.
Line: 1288
Column: 80
CWE codes:
126
WT_CLEAR(*el);
size =
(name == NULL ? 0 : strlen(name)) + strlen(".") + (extname == NULL ? 0 : strlen(extname) + 1);
WT_RET(__wt_calloc_def(session, size, &el->name));
WT_RET(__wt_snprintf(
el->name, size, "%s.%s", name == NULL ? "" : name, extname == NULL ? "" : extname));
el->offset = WT_BLOCK_INVALID_OFFSET;
Reported by FlawFinder.
src/mongo/db/index_build_entry_helpers_test.cpp
3 issues
Line: 127
IndexBuildEntry _thirdEntry;
};
TEST_F(IndexBuildEntryHelpersTest, AddIndexBuildEntry) {
// Insert an entry twice. The second time we should get a DuplicateKey error.
ASSERT_OK(addIndexBuildEntry(operationContext(), _firstEntry));
Status status = addIndexBuildEntry(operationContext(), _firstEntry);
ASSERT_EQUALS(status.code(), ErrorCodes::DuplicateKey);
Reported by Cppcheck.
Line: 81
Column: 22
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
auto lhsIndexNames = lhs.getIndexNames();
auto rhsIndexNames = rhs.getIndexNames();
ASSERT_TRUE(std::equal(lhsIndexNames.begin(), lhsIndexNames.end(), rhsIndexNames.begin()));
if (lhs.getCommitReadyMembers() && rhs.getCommitReadyMembers()) {
auto lhsMembers = lhs.getCommitReadyMembers().get();
auto rhsMembers = rhs.getCommitReadyMembers().get();
ASSERT_TRUE(std::equal(lhsMembers.begin(), lhsMembers.end(), rhsMembers.begin()));
Reported by FlawFinder.
Line: 86
Column: 26
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
if (lhs.getCommitReadyMembers() && rhs.getCommitReadyMembers()) {
auto lhsMembers = lhs.getCommitReadyMembers().get();
auto rhsMembers = rhs.getCommitReadyMembers().get();
ASSERT_TRUE(std::equal(lhsMembers.begin(), lhsMembers.end(), rhsMembers.begin()));
} else {
ASSERT_FALSE(lhs.getCommitReadyMembers());
ASSERT_FALSE(rhs.getCommitReadyMembers());
}
}
Reported by FlawFinder.
buildscripts/resmokelib/hang_analyzer/process.py
3 issues
Line: 6
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import logging
import os
import signal
import subprocess
import sys
import time
from distutils import spawn # pylint: disable=no-name-in-module
from datetime import datetime
Reported by Bandit.
Line: 30
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
logger.info(str(args))
# Use a common pipe for stdout & stderr for logging.
process = subprocess.Popen(args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
logger_pipe = core.pipe.LoggerPipe(logger, logging.INFO, process.stdout)
logger_pipe.wait_until_started()
ret = process.wait()
logger_pipe.wait_until_finished()
Reported by Bandit.
Line: 55
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
def callo(args, logger):
"""Call subprocess on args string."""
logger.info("%s", str(args))
return subprocess.check_output(args).decode('utf-8', 'replace')
def signal_python(logger, pname, pid):
"""
Send appropriate dumping signal to python processes.
Reported by Bandit.
src/third_party/wiredtiger/ext/encryptors/nop/nop_encrypt.c
3 issues
Line: 209
CWE codes:
401
/* Return the new encryptor. */
*customp = (WT_ENCRYPTOR *)new;
return (0);
err:
free(new);
return (ret);
}
Reported by Cppcheck.
Line: 81
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (dst_len < src_len)
return (nop_error(nop_encryptor, session, ENOMEM, "encrypt buffer not big enough"));
memcpy(dst, src, src_len);
*result_lenp = src_len;
return (0);
}
/*! [WT_ENCRYPTOR encrypt] */
Reported by FlawFinder.
Line: 107
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/*
* The destination length is the number of unencrypted bytes we're expected to return.
*/
memcpy(dst, src, dst_len);
*result_lenp = dst_len;
return (0);
}
/*! [WT_ENCRYPTOR decrypt] */
Reported by FlawFinder.
src/third_party/wiredtiger/ext/compressors/lz4/lz4_compress.c
3 issues
Line: 149
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
#ifdef WORDS_BIGENDIAN
lz4_prefix_swap(&prefix);
#endif
memcpy(dst, &prefix, sizeof(LZ4_PREFIX));
*result_lenp = (size_t)lz4_len + sizeof(LZ4_PREFIX);
*compression_failed = 0;
return (0);
}
Reported by FlawFinder.
Line: 179
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
* Retrieve the true length of the compressed block and source and the decompressed bytes to
* return from the start of the source buffer.
*/
memcpy(&prefix, src, sizeof(LZ4_PREFIX));
#ifdef WORDS_BIGENDIAN
lz4_prefix_swap(&prefix);
#endif
if (prefix.compressed_len + sizeof(LZ4_PREFIX) > src_len) {
(void)wt_api->err_printf(
Reported by FlawFinder.
Line: 211
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
(int)prefix.compressed_len, (int)prefix.uncompressed_len);
if (decoded >= 0)
memcpy(dst, dst_tmp, dst_len);
wt_api->scr_free(wt_api, session, dst_tmp);
} else
decoded = LZ4_decompress_safe((const char *)src + sizeof(LZ4_PREFIX), (char *)dst,
(int)prefix.compressed_len, (int)dst_len);
Reported by FlawFinder.