The following issues were found
src/third_party/boost/libs/log/src/setup/init_from_settings.cpp
3 issues
Line: 589
Column: 45
CWE codes:
134
Suggestion:
Use a constant format string for syslog
shared_ptr< backend_t > backend = boost::make_shared< backend_t >();
// For now we use only the default level mapping. Will add support for configuration later.
backend->set_severity_mapper(sinks::syslog::direct_severity_mapping< >(log::aux::default_attribute_names::severity()));
#if !defined(BOOST_LOG_NO_ASIO)
// Setup local and remote addresses
if (optional< string_type > local_address_param = params["LocalAddress"])
backend->set_local_address(param_cast_to_address("LocalAddress", local_address_param.get()));
Reported by FlawFinder.
Line: 186
Column: 43
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
template< typename CharT >
inline bool is_weekday(const CharT* str, std::size_t len, boost::log::basic_string_literal< CharT > const& weekday, boost::log::basic_string_literal< CharT > const& short_weekday)
{
return (len == weekday.size() && std::equal(weekday.begin(), weekday.end(), str)) ||
(len == short_weekday.size() && std::equal(short_weekday.begin(), short_weekday.end(), str));
}
//! The function extracts the file rotation time point predicate from the parameter
template< typename CharT >
Reported by FlawFinder.
Line: 187
Column: 46
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
inline bool is_weekday(const CharT* str, std::size_t len, boost::log::basic_string_literal< CharT > const& weekday, boost::log::basic_string_literal< CharT > const& short_weekday)
{
return (len == weekday.size() && std::equal(weekday.begin(), weekday.end(), str)) ||
(len == short_weekday.size() && std::equal(short_weekday.begin(), short_weekday.end(), str));
}
//! The function extracts the file rotation time point predicate from the parameter
template< typename CharT >
sinks::file::rotation_at_time_point param_cast_to_rotation_time_point(const char* param_name, std::basic_string< CharT > const& value)
Reported by FlawFinder.
src/third_party/boost/libs/locale/src/win32/api.hpp
3 issues
Line: 113
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const int de_size = 4;
static const int gr_size = 10;
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
Reported by FlawFinder.
Line: 114
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const int gr_size = 10;
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SGROUPING,gr,gr_size)==0)
Reported by FlawFinder.
Line: 115
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
wchar_t th[th_size]={0};
wchar_t de[de_size]={0};
wchar_t gr[gr_size]={0};
if( GetLocaleInfoW(lcid,LOCALE_STHOUSAND,th,th_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SDECIMAL ,de,de_size)==0
|| GetLocaleInfoW(lcid,LOCALE_SGROUPING,gr,gr_size)==0)
{
Reported by FlawFinder.
site_scons/site_tools/xcode.py
3 issues
Line: 1
Column: 1
# Copyright 2020 MongoDB Inc.
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
Reported by Pylint.
Line: 26
Column: 1
import os
def exists(env):
return env.Detect("xcrun")
def generate(env):
if not exists(env):
Reported by Pylint.
Line: 30
Column: 1
return env.Detect("xcrun")
def generate(env):
if not exists(env):
return
if "DEVELOPER_DIR" in os.environ:
env["ENV"]["DEVELOPER_DIR"] = os.environ["DEVELOPER_DIR"]
Reported by Pylint.
src/third_party/boost/libs/locale/src/shared/format.cpp
3 issues
Line: 78
Column: 33
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
break;
}
if(i==key.size()) {
d->position=atoi(key.c_str()) - 1;
return;
}
if(key=="num" || key=="number") {
as::number(ios_);
Reported by FlawFinder.
Line: 162
Column: 32
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
else if(key=="timezone" || key=="tz")
ios_info::get(ios_).time_zone(value);
else if(key=="w" || key=="width")
ios_.width(atoi(value.c_str()));
else if(key=="p" || key=="precision")
ios_.precision(atoi(value.c_str()));
else if(key=="locale") {
if(!d->restore_locale) {
d->saved_locale=ios_.getloc();
Reported by FlawFinder.
Line: 164
Column: 36
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
else if(key=="w" || key=="width")
ios_.width(atoi(value.c_str()));
else if(key=="p" || key=="precision")
ios_.precision(atoi(value.c_str()));
else if(key=="locale") {
if(!d->restore_locale) {
d->saved_locale=ios_.getloc();
d->restore_locale=true;
}
Reported by FlawFinder.
src/third_party/boost/libs/atomic/src/lock_pool.cpp
3 issues
Line: 1088
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
lock_state state;
// The additional padding is needed to avoid false sharing between locks
char padding[PaddingSize];
};
template< >
struct BOOST_ALIGNMENT(BOOST_ATOMIC_CACHE_LINE_SIZE) padded_lock_state< 0u >
{
Reported by FlawFinder.
Line: 1255
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
h->size = old_header->size;
const volatile void** old_a = get_atomic_pointers(old_header);
std::memcpy(a, old_a, old_header->size * sizeof(const volatile void*));
std::memset(a + old_header->size * sizeof(const volatile void*), 0, (new_capacity - old_header->size) * sizeof(const volatile void*));
wait_state** old_w = get_wait_states(old_a, old_header->capacity);
std::memcpy(w, old_w, old_header->capacity * sizeof(wait_state*)); // copy spare wait state pointers
std::memset(w + old_header->capacity * sizeof(wait_state*), 0, (new_capacity - old_header->capacity) * sizeof(wait_state*));
Reported by FlawFinder.
Line: 1259
Column: 14
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
std::memset(a + old_header->size * sizeof(const volatile void*), 0, (new_capacity - old_header->size) * sizeof(const volatile void*));
wait_state** old_w = get_wait_states(old_a, old_header->capacity);
std::memcpy(w, old_w, old_header->capacity * sizeof(wait_state*)); // copy spare wait state pointers
std::memset(w + old_header->capacity * sizeof(wait_state*), 0, (new_capacity - old_header->capacity) * sizeof(wait_state*));
}
else
{
std::memset(p, 0, new_buffer_size);
Reported by FlawFinder.
src/third_party/boost/libs/locale/src/encoding/conv.hpp
3 issues
Line: 72
Column: 34
CWE codes:
362
typedef std::string string_type;
virtual bool open(char const *to_charset,char const *from_charset,method_type how) = 0;
virtual std::string convert(char const *begin,char const *end) = 0;
virtual ~converter_between()
{
Reported by FlawFinder.
Line: 88
Column: 34
CWE codes:
362
typedef std::basic_string<char_type> string_type;
virtual bool open(char const *charset,method_type how) = 0;
virtual std::string convert(CharType const *begin,CharType const *end) = 0;
virtual ~converter_from_utf()
{
Reported by FlawFinder.
Line: 104
Column: 34
CWE codes:
362
typedef std::basic_string<char_type> string_type;
virtual bool open(char const *charset,method_type how) = 0;
virtual string_type convert(char const *begin,char const *end) = 0;
virtual ~converter_to_utf()
{
Reported by FlawFinder.
src/mongo/rpc/object_check_test.cpp
3 issues
Line: 49
using std::end;
using std::swap;
TEST(DataTypeValidated, BSONValidationEnabled) {
bool wasEnabled = serverGlobalParams.objcheck;
const auto setValidation = [&](bool enabled) { serverGlobalParams.objcheck = enabled; };
ON_BLOCK_EXIT([=] { setValidation(wasEnabled); });
BSONObj valid = BSON("baz"
Reported by Cppcheck.
Line: 59
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
<< "garply"
<< BSON("foo"
<< "bar"));
char buf[1024] = {0};
std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
{
Validated<BSONObj> v;
ConstDataRangeCursor cdrc(begin(buf), end(buf));
ASSERT_OK(cdrc.readAndAdvanceNoThrow(&v));
Reported by FlawFinder.
Line: 105
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
<< "garply"
<< BSON("foo"
<< "bar"));
char buf[1024] = {0};
std::copy(valid.objdata(), valid.objdata() + valid.objsize(), begin(buf));
{
// mess up the data
DataRangeCursor drc(begin(buf), end(buf));
Reported by FlawFinder.
src/third_party/boost/boost/type_index/type_index_facade.hpp
3 issues
Line: 86
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// \b Override: This function \b may be redefined in Derived class. Overrides \b must not throw.
/// \return True if two types are equal. By default compares types by raw_name().
inline bool equal(const Derived& rhs) const BOOST_NOEXCEPT {
const char* const left = derived().raw_name();
const char* const right = rhs.raw_name();
return left == right || !std::strcmp(left, right);
}
Reported by FlawFinder.
Line: 106
Column: 60
CWE codes:
126
/// Derived class to not use boost::hash_range().
inline std::size_t hash_code() const BOOST_NOEXCEPT {
const char* const name_raw = derived().raw_name();
return boost::hash_range(name_raw, name_raw + std::strlen(name_raw));
}
#if defined(BOOST_TYPE_INDEX_DOXYGEN_INVOKED)
protected:
/// \b Override: This function \b must be redefined in Derived class. Overrides \b must not throw.
Reported by FlawFinder.
Line: 155
Column: 45
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
/// @cond
template <class Derived, class TypeInfo>
BOOST_CXX14_CONSTEXPR inline bool operator == (const type_index_facade<Derived, TypeInfo>& lhs, const type_index_facade<Derived, TypeInfo>& rhs) BOOST_NOEXCEPT {
return static_cast<Derived const&>(lhs).equal(static_cast<Derived const&>(rhs));
}
template <class Derived, class TypeInfo>
BOOST_CXX14_CONSTEXPR inline bool operator < (const type_index_facade<Derived, TypeInfo>& lhs, const type_index_facade<Derived, TypeInfo>& rhs) BOOST_NOEXCEPT {
return static_cast<Derived const&>(lhs).before(static_cast<Derived const&>(rhs));
Reported by FlawFinder.
src/third_party/boost/boost/test/utils/setcolor.hpp
3 issues
Line: 92
Column: 31
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
state* /* unused */= NULL)
: m_is_color_output(is_color_output)
{
m_command_size = std::sprintf( m_control_command, "%c[%c;3%c;4%cm",
0x1B,
static_cast<char>(attr + '0'),
static_cast<char>(fg + '0'),
static_cast<char>(bg + '0'));
}
Reported by FlawFinder.
Line: 103
Column: 31
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
state* /* unused */)
: m_is_color_output(is_color_output)
{
m_command_size = std::sprintf(m_control_command, "%c[%c;3%c;4%cm",
0x1B,
static_cast<char>(term_attr::NORMAL + '0'),
static_cast<char>(term_color::ORIGINAL + '0'),
static_cast<char>(term_color::ORIGINAL + '0'));
}
Reported by FlawFinder.
Line: 122
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
private:
// Data members
bool m_is_color_output;
char m_control_command[13];
int m_command_size;
};
#else
Reported by FlawFinder.
src/third_party/boost/boost/system/detail/generic_category_message.hpp
3 issues
Line: 20
Column: 11
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
namespace boost
{
namespace system
{
namespace detail
{
Reported by FlawFinder.
Line: 47
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
inline std::string generic_error_category_message( int ev )
{
char buffer[ 128 ];
return generic_error_category_message( ev, buffer, sizeof( buffer ) );
}
#else // #if defined(__GLIBC__)
Reported by FlawFinder.
Line: 88
Column: 10
CWE codes:
120
if( m == 0 ) return "Unknown error";
std::strncpy( buffer, m, len - 1 );
buffer[ len-1 ] = 0;
return buffer;
}
Reported by FlawFinder.