The following issues were found

src/third_party/boost/boost/random/variate_generator.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 26 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
/// \cond hide_private_members

namespace random {

///\endcond

/**
 * A random variate generator is used to join a random number

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 54 Column: 20 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

class variate_generator
{
private:
    typedef boost::random::detail::ptr_helper<Engine> helper_type;
public:
    typedef typename helper_type::value_type engine_value_type;
    typedef Engine engine_type;
    typedef Distribution distribution_type;
    typedef typename Distribution::result_type result_type;

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 116 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
} // namespace random

using random::variate_generator;

} // namespace boost

#include <boost/random/detail/enable_warnings.hpp>


            

Reported by FlawFinder.

src/third_party/boost/boost/random/triangle_distribution.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 30 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/uniform_01.hpp>

namespace boost {
namespace random {

/**
 * Instantiations of @c triangle_distribution model a \random_distribution.
 * A @c triangle_distribution has three parameters, @c a, @c b, and @c c,
 * which are the smallest, the most probable and the largest values of

            

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 84 Column: 24 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

                    parm._b = b_in;
                    parm._c = c_in;
                } else {
                    is.setstate(std::ios_base::failbit);
                }
            }
            return is;
        }


            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 228 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
} // namespace random

using random::triangle_distribution;

} // namespace boost

#endif // BOOST_RANDOM_TRIANGLE_DISTRIBUTION_HPP

            

Reported by FlawFinder.

buildscripts/idl/tests/test_import.py
3 issues
Attempted relative import beyond top-level package
Error

Line: 45 Column: 5

    from context import idl
    import testcase
else:
    from .context import idl
    from . import testcase


class DictionaryImportResolver(idl.parser.ImportResolverBase):
    """An import resolver resolves files from a dictionary."""

            

Reported by Pylint.

Attempted relative import beyond top-level package
Error

Line: 46 Column: 5

    import testcase
else:
    from .context import idl
    from . import testcase


class DictionaryImportResolver(idl.parser.ImportResolverBase):
    """An import resolver resolves files from a dictionary."""


            

Reported by Pylint.

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Security

Line: 70
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html

    def open(self, resolved_file_name):
        # type: (str) -> Any
        """Return an io.Stream for the requested file."""
        assert resolved_file_name.startswith("imported_")
        imported_file_name = resolved_file_name.replace("imported_", "")

        return io.StringIO(self._import_dict[imported_file_name])



            

Reported by Bandit.

src/third_party/boost/boost/regex/v4/cpp_regex_traits.hpp
3 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 286 Column: 32 CWE codes: 362

   std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
   if((!cat_name.empty()) && (this->m_pmessages != 0))
   {
      cat = this->m_pmessages->open(
         cat_name, 
         this->m_locale);
      if((int)cat < 0)
      {
         std::string m("Unable to open message catalog: ");

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 714 Column: 32 CWE codes: 362

   std::string cat_name(cpp_regex_traits<charT>::get_catalog_name());
   if((!cat_name.empty()) && (this->m_pmessages != 0))
   {
      cat = this->m_pmessages->open(
         cat_name, 
         this->m_locale);
      if((int)cat < 0)
      {
         std::string m("Unable to open message catalog: ");

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1148 Column: 35 CWE codes: 362

      std::string cat_name(cpp_regex_traits<char>::get_catalog_name());
      if ((!cat_name.empty()) && (m_pmessages != 0))
      {
         cat = this->m_pmessages->open(
            cat_name,
            this->m_locale);
         if ((int)cat < 0)
         {
            std::string m("Unable to open message catalog: ");

            

Reported by FlawFinder.

src/third_party/boost/boost/random/geometric_distribution.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 29 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/uniform_01.hpp>

namespace boost {
namespace random {

/**
 * An instantiation of the class template @c geometric_distribution models
 * a \random_distribution.  The distribution produces positive
 * integers which are the number of bernoulli trials

            

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 84 Column: 24 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

                if(p_in > RealType(0) && p_in < RealType(1)) {
                    parm._p = p_in;
                } else {
                    is.setstate(std::ios_base::failbit);
                }
            }
            return is;
        }


            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 259 Column: 13 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

    }

private:
    typedef random::geometric_distribution<IntType, RealType> impl_type;
    impl_type _impl;
};

/// \endcond


            

Reported by FlawFinder.

src/third_party/boost/boost/random/negative_binomial_distribution.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 24 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/poisson_distribution.hpp>

namespace boost {
namespace random {

/**
 * The negative binomial distribution is an integer valued
 * distribution with two parameters, @c k and @c p.  The
 * distribution produces non-negative values.

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 177 Column: 12 CWE codes: 120 20

    operator>>(std::basic_istream<CharT,Traits>& is,
               negative_binomial_distribution& bd)
    {
        bd.read(is);
        return is;
    }
#endif

    /** Returns true if the two distributions will produce the same

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 202 Column: 10 CWE codes: 120 20

    /// @cond \show_private

    template<class CharT, class Traits>
    void read(std::basic_istream<CharT, Traits>& is) {
        param_type parm;
        if(is >> parm) {
            param(parm);
        }
    }

            

Reported by FlawFinder.

src/third_party/boost/boost/random/detail/vector_io.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 22 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/io/ios_state.hpp>

namespace boost {
namespace random {
namespace detail {

template<class CharT, class Traits, class T>
void print_vector(std::basic_ostream<CharT, Traits>& os,
                  const std::vector<T>& vec)

            

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 53 Column: 12 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

    }
    if(ch != is.widen('[')) {
        is.putback(ch);
        is.setstate(std::ios_base::failbit);
        return;
    }
    boost::io::basic_ios_exception_saver<CharT, Traits> e(is, std::ios_base::goodbit);
    T val;
    while(is >> std::ws >> val) {

            

Reported by FlawFinder.

setstate - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 69 Column: 16 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

        }
        if(ch != is.widen(']')) {
            is.putback(ch);
            is.setstate(std::ios_base::failbit);
        }
    }
}

}

            

Reported by FlawFinder.

src/third_party/boost/boost/random/chi_squared_distribution.hpp
3 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 23 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/gamma_distribution.hpp>

namespace boost {
namespace random {

/**
 * The chi squared distribution is a real valued distribution with
 * one parameter, @c n.  The distribution produces values > 0.
 *

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 168 Column: 13 CWE codes: 120 20

    operator>>(std::basic_istream<CharT,Traits>& is,
               chi_squared_distribution& c2d)
    {
        c2d.read(is);
        return is;
    }
#endif

    /** Returns true if the two distributions will produce the same

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 193 Column: 10 CWE codes: 120 20

    /// @cond show_private

    template<class CharT, class Traits>
    void read(std::basic_istream<CharT, Traits>& is) {
        param_type parm;
        if(is >> parm) {
            param(parm);
        }
    }

            

Reported by FlawFinder.

src/mongo/db/catalog/index_build_entry_test.cpp
3 issues
syntax error
Error

Line: 86

    }
}

TEST(IndexBuildEntryTest, IndexBuildEntryWithRequiredFields) {
    const UUID id = UUID::gen();
    const UUID collectionUUID = UUID::gen();
    const CommitQuorumOptions commitQuorum(1);
    const std::vector<std::string> indexes = generateIndexes(1);


            

Reported by Cppcheck.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 74 Column: 22 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

              
    auto lhsIndexNames = lhs.getIndexNames();
    auto rhsIndexNames = rhs.getIndexNames();
    ASSERT_TRUE(std::equal(lhsIndexNames.begin(), lhsIndexNames.end(), rhsIndexNames.begin()));

    if (lhs.getCommitReadyMembers() && rhs.getCommitReadyMembers()) {
        auto lhsMembers = lhs.getCommitReadyMembers().get();
        auto rhsMembers = rhs.getCommitReadyMembers().get();
        ASSERT_TRUE(std::equal(lhsMembers.begin(), lhsMembers.end(), rhsMembers.begin()));

            

Reported by FlawFinder.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 79 Column: 26 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

    if (lhs.getCommitReadyMembers() && rhs.getCommitReadyMembers()) {
        auto lhsMembers = lhs.getCommitReadyMembers().get();
        auto rhsMembers = rhs.getCommitReadyMembers().get();
        ASSERT_TRUE(std::equal(lhsMembers.begin(), lhsMembers.end(), rhsMembers.begin()));
    } else {
        ASSERT_FALSE(lhs.getCommitReadyMembers());
        ASSERT_FALSE(rhs.getCommitReadyMembers());
    }
}

            

Reported by FlawFinder.

src/mongo/embedded/mongo_embedded/java/src/com/mongodb/embedded/capi/CAPIHelper.java
3 issues
A catch statement should never catch throwable since it includes errors.
Error

Line: 42

    static CAPI.mongo_embedded_v1_status createStatusPointer() {
        try {
            return CAPI.mongo_embedded_v1_status_create();
        } catch (Throwable t) {
            throw createError("status_create", t);
        }
    }

    static MongoEmbeddedCAPIException createError(final String methodName, final Throwable t) {

            

Reported by PMD.

Potential violation of Law of Demeter (method chain calls)
Design

Line: 62

                                                     final int errorCode) {
        throw new MongoEmbeddedCAPIException(errorCode,
                CAPI.mongo_embedded_v1_status_get_code(statusPointer),
                CAPI.mongo_embedded_v1_status_get_explanation(statusPointer).toString(),
                null);
    }

    static void destroyStatusPointer(final CAPI.mongo_embedded_v1_status statusPointer) {
        try {

            

Reported by PMD.

A catch statement should never catch throwable since it includes errors.
Error

Line: 69

    static void destroyStatusPointer(final CAPI.mongo_embedded_v1_status statusPointer) {
        try {
            CAPI.mongo_embedded_v1_status_destroy(statusPointer);
        } catch (Throwable t) {
            throw createError("status_destroy", t);
        }
    }

    static void validateErrorCode(final CAPI.mongo_embedded_v1_status statusPointer, final int errorCode) {

            

Reported by PMD.