The following issues were found

src/mongo/util/cmdline_utils/censor_cmdline.cpp
2 issues
Syntax Error: AST broken, 'for' doesn't have two operands. (This is a Cppcheck parse failure, most likely triggered by a project macro or construct it could not expand; it means the file was not analysed, not that the range-for loop shown below is defective.)
Error

Line: 82

                  std::vector<optionenvironment::OptionDescription> options;
    uassertStatusOK(optionenvironment::startupOptions.getAllOptions(&options));

    for (const auto& opt : options) {
        if (!opt._redact) {
            continue;
        }

        gRedactedDottedNames.insert(opt._dottedName);

            

Reported by Cppcheck.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected). In this context `arg` appears to be an argv entry (note the `argv[i] + 2` two lines below), and argv strings are NUL-terminated by the C runtime, so the over-read condition does not arise; the `strlen(arg) > 2` guard also keeps the following `std::string(arg, 2)` in bounds. Treat as a likely false positive, but confirm that `arg` is never sourced from an unterminated buffer.
Security

Line: 215 Column: 21 CWE codes: 126

                          } else {
                _redact(firstEqSign + 1);
            }
        } else if ((strlen(arg) > 2) && _isPasswordSwitch(std::string(arg, 2))) {
            // e.g. "-ppassword"
            _redact(argv[i] + 2);
        }

        if (nullptr != firstEqSign) {

            

Reported by FlawFinder.

buildscripts/idl/idl/generic_field_list_types.py
2 issues
Attempted relative import beyond top-level package (most likely Pylint was run on the file without its enclosing package on the import path; this is an analysis-configuration issue rather than a code or security defect — rerun with `buildscripts/idl` importable as a package).
Error

Line: 30 Column: 1

              #
"""Provide code generation information for generic arguments and reply fields."""

from . import ast, common
from .struct_types import MethodInfo


class FieldListInfo:
    """Class for generic argument and generic reply field list code generation."""

            

Reported by Pylint.

Attempted relative import beyond top-level package (same cause as the previous finding: the relative import on this line is valid inside the package, so the error points at how Pylint was invoked, not at the code).
Error

Line: 31 Column: 1

              """Provide code generation information for generic arguments and reply fields."""

from . import ast, common
from .struct_types import MethodInfo


class FieldListInfo:
    """Class for generic argument and generic reply field list code generation."""


            

Reported by Pylint.

src/mongo/util/future_test_shared_future.cpp
2 issues
syntax error (Cppcheck failed to parse this file — probably the generic lambdas (`auto&&` parameters) or the TEST/ASSERT_* macros it cannot expand; the file was skipped by the analyser rather than found defective)
Error

Line: 49

                      [](/*Future<int>*/ auto&& fut) { ASSERT_EQ(std::move(fut).share().get(), 1); });
}

// A ready Future<int> that is converted to a SharedFuture and read via
// getNoThrow() must yield the value (1) rather than an error status.
TEST(SharedFuture, Success_shared_getNothrow) {
    auto produceOne = []() -> int { return 1; };
    auto expectSharedOne = [](/*Future<int>*/ auto&& fut) {
        ASSERT_EQ(std::move(fut).share().getNoThrow(), 1);
    };
    FUTURE_SUCCESS_TEST(produceOne, expectSharedOne);
}


            

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Here both indices used (0 and 99'999) are compile-time constants inside the 100'000-byte array and no external data is written, so there is no overflow to fix. The property actually worth noting is the deliberate ~100 KB stack frame: it is the helper's purpose (a stack-depth test fixture) and it must only be called from threads with a sufficiently large stack.
Security

Line: 145 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
// Deliberately burns roughly 100 KB of stack (a stack-depth test helper).
// NOINLINE stops the frame from being merged into the caller, and the
// volatile accesses stop the optimizer from dropping the array altogether.
// Security note: the analyser hit on this array is a false positive -- both
// indices are compile-time constants within the bound and nothing here is
// derived from external input.
MONGO_COMPILER_NOINLINE void useALotOfStackSpace() {
    constexpr int kFrameBytes = 100'000;
    volatile char scratch[kFrameBytes];  // NOLINT
    scratch[kFrameBytes - 1] = 'x';
    scratch[0] = scratch[kFrameBytes - 1];
    ASSERT_EQ(scratch[0], 'x');
}


            

Reported by FlawFinder.

buildscripts/tests/resmokelib/core/test_redirect.py
2 issues
Use of insecure and deprecated function (mktemp). `tempfile.mktemp()` only returns a path and never creates the file, so between name generation and the moment `tee` writes to it another local user can pre-create or symlink that path (CWE-377, a TOCTOU race). Even in test code, prefer `fd, tmp_file = tempfile.mkstemp()` (closing `fd`) or `tempfile.NamedTemporaryFile(delete=False)`, both of which create the file atomically with owner-only permissions.
Security blacklist

Line: 29
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b306-mktemp-q

                          return

        haystack = "can you find a needle in a haystack".split()
        tmp_file = tempfile.mktemp()

        try:
            tee = _redirect.Pipe(["tee", tmp_file], subprocess.PIPE, subprocess.PIPE)
            grep = _redirect.Pipe(["grep", "needle"], tee.get_stdout(), subprocess.PIPE)


            

Reported by Bandit.

Consider possible security implications associated with subprocess module. This is an informational import warning; the real risks are `shell=True` or attacker-influenced argument vectors. The invocations visible in this test pass fixed argument lists (`["tee", tmp_file]`, `["grep", "needle"]`) to an in-tree Pipe wrapper, so no action is needed beyond keeping `shell=False`.
Security blacklist

Line: 7
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess

              
import io
import os
import subprocess
import tempfile
import unittest

from buildscripts.resmokelib.core import redirect as _redirect


            

Reported by Bandit.

src/mongo/db/index/btree_key_generator_test.cpp
2 issues
syntax error (Cppcheck could not parse this file — probably the TEST macro and related test macros it cannot expand; the file was skipped rather than found defective)
Error

Line: 184

              //


TEST(BtreeKeyGeneratorTest, GetIdKeyFromObject) {
    BSONObj keyPattern = fromjson("{_id: 1}");
    BSONObj genKeysFrom = fromjson("{_id: 'foo', b: 4}");
    KeyString::HeapBuilder keyString(
        KeyString::Version::kLatestVersion, fromjson("{'': 'foo'}"), Ordering::make(BSONObj()));
    KeyStringSet expectedKeys{keyString.release()};

            

Reported by Cppcheck.

equal - Function does not check the second iterator for over-read conditions. The three-iterator form reads `actualKeys` for `expectedKeys.size()` elements regardless of the size of `actualKeys`; it is only safe if a size comparison precedes it (the `return false;` just above presumably belongs to one — confirm). Prefer the four-iterator overload `std::equal(expectedKeys.begin(), expectedKeys.end(), actualKeys.begin(), actualKeys.end())`, or simply `expectedKeys == actualKeys`, so the bound travels with the call.
Security

Line: 90 Column: 15 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

                      return false;
    }

    if (!std::equal(expectedKeys.begin(), expectedKeys.end(), actualKeys.begin())) {
        return false;
    }

    return true;
}

            

Reported by FlawFinder.

buildscripts/idl/tests/test_binder.py
2 issues
Attempted relative import beyond top-level package (the relative import sits on the `else` branch that is only taken when the module is run as part of a package; the error reflects Pylint being invoked on the file in isolation, not a code or security defect).
Error

Line: 44 Column: 5

                  from context import idl
    import testcase
else:
    from .context import idl
    from . import testcase

# All YAML tests assume 4 space indent
INDENT_SPACE_COUNT = 4


            

Reported by Pylint.

Attempted relative import beyond top-level package (same cause as the previous finding on the adjacent line; an analysis-configuration issue, not a defect).
Error

Line: 45 Column: 5

                  import testcase
else:
    from .context import idl
    from . import testcase

# All YAML tests assume 4 space indent
INDENT_SPACE_COUNT = 4



            

Reported by Pylint.

src/third_party/asio-master/asio/include/asio/stream_socket_service.hpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? False positive by name match: this `open` is `stream_socket_service::open`, which takes a protocol and creates a socket; no filesystem path is involved, so the symlink/race pattern (CWE-362) does not apply.
Security

Line: 141 Column: 21 CWE codes: 362

                }

  /// Open a stream socket.
  ASIO_SYNC_OP_VOID open(implementation_type& impl,
      const protocol_type& protocol, asio::error_code& ec)
  {
    if (protocol.type() == ASIO_OS_DEF(SOCK_STREAM))
      service_impl_.open(impl, protocol, ec);
    else

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Same function as the previous finding (the scanner matched the second half of its body); it opens a socket from a protocol descriptor, not a file, so CWE-362 does not apply.
Security

Line: 145 Column: 21 CWE codes: 362

                    const protocol_type& protocol, asio::error_code& ec)
  {
    if (protocol.type() == ASIO_OS_DEF(SOCK_STREAM))
      service_impl_.open(impl, protocol, ec);
    else
      ec = asio::error::invalid_argument;
    ASIO_SYNC_OP_VOID_RETURN(ec);
  }


            

Reported by FlawFinder.

src/mongo/db/exec/sbe/stages/unique.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? False positive by name match: `UniqueStage::open` is a query-plan stage lifecycle hook that forwards to its child stage; it touches no filesystem path, so CWE-362 does not apply.
Security

Line: 58 Column: 19 CWE codes: 362

                  return _children[0]->getAccessor(ctx, slot);
}

// Opens (or re-opens) this stage by forwarding the call to its single child.
// Despite the name this is a plan-stage lifecycle hook, not a file or socket
// open: the filesystem-race (CWE-362) finding the scanner attaches to it is a
// false positive. The optimizer timer is held for the duration of the call.
void UniqueStage::open(bool reOpen) {
    auto optTimer = getOptTimer(_opCtx);

    ++_commonStats.opens;
    _children[0]->open(reOpen);
}

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Same false positive as the previous finding: the matched line is the forwarded `_children[0]->open(reOpen)` call on a child plan stage, not a file open.
Security

Line: 62 Column: 19 CWE codes: 362

                  auto optTimer(getOptTimer(_opCtx));

    ++_commonStats.opens;
    _children[0]->open(reOpen);
}

PlanState UniqueStage::getNext() {
    auto optTimer(getOptTimer(_opCtx));


            

Reported by FlawFinder.

src/mongo/bson/mutable/mutable_bson_test.cpp
2 issues
syntax error (Cppcheck could not parse this file — most likely the TEST macro; the file was skipped by the analyser rather than found defective)
Error

Line: 50

              using namespace mongo;
namespace mmb = mongo::mutablebson;

TEST(TopologyBuilding, TopDownFromScratch) {
    /*
                   [ e0 ]
                    /   \
                   /     \
               [ e1 ]..[ e2 ]

            

Reported by Cppcheck.

memcpy - Does not check for buffer overflows when copying to destination. The loop trusts `where->targetOffset` and `where->sourceSize` taken from the damage vector; nothing in the visible lines checks that `targetOffset + sourceSize` stays within the destination object's size or that the source range lies inside the source buffer. This is test-helper code, so the impact is limited, but an `invariant`/assert on both ranges before the copy would make the helper robust against a malformed damage vector.
Security

Line: 957 Column: 14 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  mmb::DamageVector::const_iterator where = damages.begin();
    char* const target = const_cast<char*>(obj->objdata());
    for (; where != end; ++where) {
        std::memcpy(target + where->targetOffset, source + where->sourceOffset, where->sourceSize);
    }
}
}  // namespace

TEST(Documentation, Example2InPlaceWithDamageVector) {

            

Reported by FlawFinder.

src/mongo/db/s/start_chunk_clone_request_test.cpp
2 issues
Shifting by a negative value is undefined behaviour. False positive: the `<<` inside the `BSON(...)` macro appears to be the BSON builder's stream-style insertion operator (appending `-100` as a field value), not an integer shift; Cppcheck is reading the macro argument as arithmetic.
Error

Line: 70 CWE codes: 758

                      assertGet(ConnectionString::parse("TestDonorRS/Donor1:12345,Donor2:12345,Donor3:12345")),
        ShardId("shard0001"),
        ShardId("shard0002"),
        BSON("Key" << -100),
        BSON("Key" << 100),
        BSON("Key" << 1),
        MigrationSecondaryThrottleOptions::create(MigrationSecondaryThrottleOptions::kOff));

    BSONObj cmdObj = builder.obj();

            

Reported by Cppcheck.

Shifting by a negative value is undefined behaviour. Same false positive as above: `BSON("Key" << -100)` uses the builder's overloaded `<<` to insert a negative field value; no shift is performed.
Error

Line: 92 CWE codes: 758

                      request.getFromShardConnectionString().toString());
    ASSERT_EQ("shard0001", request.getFromShardId().toString());
    ASSERT_EQ("shard0002", request.getToShardId().toString());
    ASSERT_BSONOBJ_EQ(BSON("Key" << -100), request.getMinKey());
    ASSERT_BSONOBJ_EQ(BSON("Key" << 100), request.getMaxKey());
    ASSERT_BSONOBJ_EQ(BSON("Key" << 1), request.getShardKeyPattern());
    ASSERT_EQ(MigrationSecondaryThrottleOptions::kOff,
              request.getSecondaryThrottle().getSecondaryThrottle());
}

            

Reported by Cppcheck.