The following issues were found:

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid64_quantexpd.c
2 issues
Shifting 32-bit value by 51 bits is undefined behaviour
Error

Line: 50 CWE codes: 758

                  BID_RETURN (res);
  }
  if ((x & MASK_STEERING_BITS) == MASK_STEERING_BITS)
    res = (int)((x >> 51) & 0x3ff) - 398;
  else
    res = ((int)(x >> 53) & 0x3ff) - 398;
  BID_RETURN (res);
}


            

Reported by Cppcheck.

Shifting 32-bit value by 53 bits is undefined behaviour
Error

Line: 52 CWE codes: 758

                if ((x & MASK_STEERING_BITS) == MASK_STEERING_BITS)
    res = (int)((x >> 51) & 0x3ff) - 398;
  else
    res = ((int)(x >> 53) & 0x3ff) - 398;
  BID_RETURN (res);
}


            

Reported by Cppcheck.

buildscripts/feature_flag_tags_check.py
2 issues
Consider possible security implications associated with the subprocess module.
Security blacklist

Line: 10
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess

              
import argparse
import os
import subprocess
import sys

# Make the package's relative imports resolve when this file is run directly
# rather than installed on the PYTHONPATH: append the directory two levels up
# from this file (the one containing buildscripts/) to sys.path. Only done for
# direct execution with no package context.
if __name__ == "__main__" and __package__ is None:
    sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

            

Reported by Bandit.

subprocess call - check for execution of untrusted input.
Security injection

Line: 31
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html

                  if silent:
        run_args["stdout"] = subprocess.DEVNULL
        run_args["stderr"] = subprocess.DEVNULL
    subprocess.run(["git"] + cmd_args, **run_args, check=False)


def get_tests_with_feature_flag_tags(feature_flags, ent_path):
    """Get the list of tests with feature flag tag."""
    selector_config = {

            

Reported by Bandit.

src/mongo/transport/transport_layer_asio_integration_test.cpp
2 issues
syntax error
Error

Line: 100

              //
// Because of the file size limit, it's only an effective check on debug builds (where the future
// implementation checks the length of the future chain).
TEST(TransportLayerASIO, ShortReadsAndWritesWork) {
    const auto assertOK = [](executor::RemoteCommandResponse reply) {
        ASSERT_OK(reply.status);
        ASSERT(reply.data["ok"]) << reply.data;
    };


            

Reported by Cppcheck.

read - Check buffer boundaries if used in a loop, including recursive loops
Security

Line: 78 Column: 23 CWE codes: 120 20

                  LOGV2(23030, "Waiting for response");
    std::array<char, 256> httpRespBuf;
    std::error_code ec;
    auto size = asio::read(socket, asio::buffer(httpRespBuf.data(), httpRespBuf.size()), ec);
    StringData httpResp(httpRespBuf.data(), size);

    LOGV2(23031,
          "Received http response: {response}",
          "Received http response",

            

Reported by FlawFinder.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid64_pow.c
2 issues
Shifting 32-bit value by 51 bits is undefined behaviour
Error

Line: 136 CWE codes: 758

              
  if (is_int)
   { int e = (((y_int & (3ull<<61)) == (3ull<<61))
             ? (y_int >> 51) : (y_int >> 53)) & ((1ull<<10)-1);
     if ((e == 398) && (y_int & 1)) is_odd = 1;
   }

// Now the cases where the first arg is infinite:
//

            

Reported by Cppcheck.

Shifting 32-bit value by 53 bits is undefined behaviour
Error

Line: 136 CWE codes: 758

              
  if (is_int)
   { int e = (((y_int & (3ull<<61)) == (3ull<<61))
             ? (y_int >> 51) : (y_int >> 53)) & ((1ull<<10)-1);
     if ((e == 398) && (y_int & 1)) is_odd = 1;
   }

// Now the cases where the first arg is infinite:
//

            

Reported by Cppcheck.

src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/commandlineflag_test.cc
2 issues
syntax error
Error

Line: 70

                std::unique_ptr<absl::FlagSaver> flag_saver_;
};

TEST_F(CommandLineFlagTest, TestAttributesAccessMethods) {
  auto* flag_01 = absl::FindCommandLineFlag("int_flag");

  ASSERT_TRUE(flag_01);
  EXPECT_EQ(flag_01->Name(), "int_flag");
  EXPECT_EQ(flag_01->Help(), "int_flag help");

            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 34 Column: 17 CWE codes: 120

              
// Flags looked up by the tests in this file (e.g. "int_flag" / "int_flag help").
ABSL_FLAG(int, int_flag, 201, "int_flag help");
// The help text is built with absl::StrCat, which returns a new std::string
// and does not write into a caller-supplied destination buffer; the CWE-120
// "StrCat" finding reported on this line is a name match with the C string
// routine, not an unchecked concatenation.
ABSL_FLAG(std::string, string_flag, "dflt",
          absl::StrCat("string_flag", " help"));
ABSL_RETIRED_FLAG(bool, bool_retired_flag, false, "bool_retired_flag help");

// These are only used to test default values.
ABSL_FLAG(int, int_flag2, 201, "");
ABSL_FLAG(std::string, string_flag2, "dflt", "");

            

Reported by FlawFinder.

buildscripts/linter/git_base.py
2 issues
Consider possible security implications associated with the subprocess module.
Security blacklist

Line: 4
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess

              """Module to run git commands on a repository."""

import logging
import subprocess

# Module-level logger; _run_process reports the stdout/stderr of failed
# git commands through it.
LOGGER = logging.getLogger(__name__)


class Repository(object):  # pylint: disable=too-many-public-methods

            

Reported by Bandit.

subprocess call - check for execution of untrusted input.
Security injection

Line: 219
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html

              
    @staticmethod
    def _run_process(cmd, params, cwd=None):
        process = subprocess.Popen(params, stdout=subprocess.PIPE, stderr=subprocess.PIPE, cwd=cwd)
        (stdout, stderr) = process.communicate()
        if process.returncode:
            if stdout:
                LOGGER.error("Output of '%s': %s", " ".join(params), stdout)
            if stderr:

            

Reported by Bandit.

src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid64_frexp.c
2 issues
Shifting 32-bit value by 53 bits is undefined behaviour
Error

Line: 76 CWE codes: 758

                    exp_x = (x & MASK_BINARY_EXPONENT2) >> 51;  // biased
      if (sig_x > 9999999999999999ull || sig_x == 0) { // non-canonical or zero
        *exp = 0;
        res = (x & 0x8000000000000000ull) | ((BID_UINT64)exp_x << 53); // zero of same sign
        BID_RETURN (res);
      }
    } else {
      sig_x = x & MASK_BINARY_SIG1;
      exp_x = (x & MASK_BINARY_EXPONENT1) >> 53;  // biased

            

Reported by Cppcheck.

Shifting 32-bit value by 52 bits is undefined behaviour
Error

Line: 97 CWE codes: 758

                    q = 16;  
    } else { // if x < 2^53
      tmp.d = (double) sig_x; // exact conversion
      x_nr_bits = 1 + ((((unsigned int) (tmp.ui64 >> 52)) & 0x7ff) - 0x3ff);
      q = bid_nr_digits[x_nr_bits - 1].digits; 
      if (q == 0) { 
        q = bid_nr_digits[x_nr_bits - 1].digits1;
        if (sig_x >= bid_nr_digits[x_nr_bits - 1].threshold_lo)
          q++;  

            

Reported by Cppcheck.

src/mongo/db/storage/key_string.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 576 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                                  Discriminator discriminator = Discriminator::kInclusive);
    // Discards the current contents of the builder's buffer and replaces them
    // with a copy of the `size` bytes starting at `buffer`.
    // `buffer` must point to at least `size` readable bytes: exactly `size`
    // bytes are copied and the source length is not validated here, which is
    // what the CWE-120 finding on the memcpy line refers to.
    // NOTE(review): presumably _buffer().skip(size) reserves room for `size`
    // bytes and returns the write position — confirm against the builder.
    void resetFromBuffer(const void* buffer, size_t size) {
        _buffer().reset();
        memcpy(_buffer().skip(size), buffer, size);
    }

    const char* getBuffer() const {
        invariant(_state != BuildState::kReleased);
        return _buffer().buf();

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop, including recursive loops
Security

Line: 388 Column: 45 CWE codes: 120 20

              
    // Deserialize the Value from a serialized format.
    static Value deserialize(BufReader& buf, KeyString::Version version) {
        const int32_t sizeOfKeystring = buf.read<LittleEndian<int32_t>>();
        const void* keystringPtr = buf.skip(sizeOfKeystring);

        BufBuilder newBuf;
        newBuf.appendBuf(keystringPtr, sizeOfKeystring);


            

Reported by FlawFinder.

buildscripts/lldb/lldb_commands.py
2 issues
Unable to import 'lldb'
Error

Line: 3 Column: 1

              """Add user-defined commands to MongoDB."""

import lldb


def __lldb_init_module(debugger, *_args):
    """Register custom commands."""
    debugger.HandleCommand(
        "command script add -f lldb_commands.PrintGlobalServiceContext mongodb-service-context")

            

Reported by Pylint.

Unused import lldb
Error

Line: 3 Column: 1

              """Add user-defined commands to MongoDB."""

import lldb


def __lldb_init_module(debugger, *_args):
    """Register custom commands."""
    debugger.HandleCommand(
        "command script add -f lldb_commands.PrintGlobalServiceContext mongodb-service-context")

            

Reported by Pylint.

src/mongo/util/file.h
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 56 Column: 10 CWE codes: 362

                  void fsync() const;
    bool is_open() const;
    fileofs len();
    void open(const char* filename, bool readOnly = false, bool direct = false);
    void read(fileofs o, char* data, unsigned len);
    void truncate(fileofs size);
    void write(fileofs o, const char* data, unsigned len);

    static intmax_t freeSpace(const std::string& path);

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop, including recursive loops
Security

Line: 57 Column: 10 CWE codes: 120 20

                  bool is_open() const;
    fileofs len();
    void open(const char* filename, bool readOnly = false, bool direct = false);
    void read(fileofs o, char* data, unsigned len);
    void truncate(fileofs size);
    void write(fileofs o, const char* data, unsigned len);

    static intmax_t freeSpace(const std::string& path);


            

Reported by FlawFinder.