The following issues were found
src/mongo/db/repl/idempotency_update_sequence.cpp
2 issues
Line: 275
Column: 63
CWE codes:
327 (Use of a Broken or Risky Cryptographic Algorithm)
Suggestion:
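Use a more secure technique for acquiring random values. This matters when the value is security-sensitive (keys, tokens, nonces); check what the flagged generator is used for before replacing it.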
}
UpdateSequenceGenerator::UpdateSequenceGenerator(UpdateSequenceGeneratorConfig config,
PseudoRandom random,
ScalarGenerator* scalarGenerator)
: _config(std::move(config)), _random(random), _scalarGenerator(scalarGenerator) {
auto path = "";
_generatePaths(config, path);
// Creates the same shuffle each time, but we don't care. We want to mess up the DFS ordering.
Reported by FlawFinder.
Line: 277
Column: 43
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
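/**
 * Builds a generator from a configuration, a pseudo-random source and a scalar generator.
 *
 * The configuration is moved into _config, the PseudoRandom is copied into _random, and the
 * ScalarGenerator pointer is stored as given (no ownership transfer is visible here).
 * _generatePaths is then run on the stored configuration and _paths is shuffled.
 */
UpdateSequenceGenerator::UpdateSequenceGenerator(UpdateSequenceGeneratorConfig config,
                                                 PseudoRandom random,
                                                 ScalarGenerator* scalarGenerator)
    : _config(std::move(config)), _random(random), _scalarGenerator(scalarGenerator) {
    auto path = "";
    // `config` was moved from in the initializer list above, so read the stored member rather
    // than the moved-from parameter, whose contents are unspecified after the move.
    _generatePaths(_config, path);
    // Creates the same shuffle each time, but we don't care. We want to mess up the DFS ordering.
    // NOTE(review): a CWE-327 (weak randomness) report on this call needs triage rather than a
    // blind fix: the shuffle only reorders _paths and a repeatable order is accepted above, so
    // predictability looks harmless here. Confirm that no security decision depends on this
    // ordering.
    std::shuffle(this->_paths.begin(), this->_paths.end(), this->_random.urbg());
}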
Reported by FlawFinder.
src/mongo/dbtests/updatetests.cpp
2 issues
Line: 811
CWE codes:
758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)
// Inserts {_id:0, a:[1,2]}, applies a $push whose $each is the scalar 3 with $slice -2, and
// asserts that the stored document still compares equal to the one that was inserted.
void run() {
_client.insert(ns(), fromjson("{'_id':0,a:[1,2]}"));
// { $push : { a : { $each : 3 , $slice : -2 } } }
// NOTE(review): inside BSON(...) the `<<` chain starts with a string literal, so it is
// presumably an overloaded streaming operator rather than an integer shift. If so, -2 is a
// field value, not a shift count, and an undefined-behavior (CWE-758) report about a negative
// shift on this statement would be a false positive. Confirm against the macro definition.
BSONObj pushObj = BSON("$each" << 3 << "$slice" << -2);
_client.update(ns(), Query(), BSON("$push" << BSON("a" << pushObj)));
// woCompare(...) == 0 means the document read back is equal to the original literal.
ASSERT(_client.findOne(ns(), Query()).woCompare(fromjson("{'_id':0,a:[1,2]}")) == 0);
}
};
Reported by Cppcheck.
Line: 1400
CWE codes:
758
workArea.push_back(objs[i]);
}
sort(workArea.begin(), workArea.end(), ProjectKeyCmp(BSON("b" << 1 << "a" << -1)));
ASSERT_BSONOBJ_EQ(workArea[0], objs[1]);
ASSERT_BSONOBJ_EQ(workArea[1], objs[0]);
ASSERT_BSONOBJ_EQ(workArea[2], objs[2]);
}
Reported by Cppcheck.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_scalb.c
2 issues
Line: 76
CWE codes:
758
if (CX.w[1] < 0x314dc6448d93ull) {
// try to normalize coefficient
do {
CBID_X8.w[1] = (CX.w[1] << 3) | (CX.w[0] >> 61);
CBID_X8.w[0] = CX.w[0] << 3;
CX2.w[1] = (CX.w[1] << 1) | (CX.w[0] >> 63);
CX2.w[0] = CX.w[0] << 1;
__add_128_128 (CX, CX2, CBID_X8);
Reported by Cppcheck.
Line: 78
CWE codes:
758
do {
CBID_X8.w[1] = (CX.w[1] << 3) | (CX.w[0] >> 61);
CBID_X8.w[0] = CX.w[0] << 3;
CX2.w[1] = (CX.w[1] << 1) | (CX.w[0] >> 63);
CX2.w[0] = CX.w[0] << 1;
__add_128_128 (CX, CX2, CBID_X8);
exponent_x--;
exp64--;
Reported by Cppcheck.
src/mongo/util/options_parser/options_parser.cpp
2 issues
Line: 1436
Column: 16
CWE codes:
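362 (Race Condition; the flagged call is the open() of the config file. Check whether the path could be swapped, for example through a symlink, before it is opened)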
#ifdef _WIN32
int fd = ::_open(filename.c_str(), O_RDONLY);
#else
int fd = ::open(filename.c_str(), O_RDONLY);
#endif
if (fd < 0) {
const auto& ewd = errnoWithDescription();
return {ErrorCodes::InternalError, str::stream() << "Error opening config file: " << ewd};
Reported by FlawFinder.
Line: 537
Column: 28
CWE codes:
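126 (Buffer Over-read; the flagged call in the excerpt below is strlen on the string literal "http://", which is always NUL-terminated)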
uassert(ErrorCodes::BadValue,
"__rest configuration expansion only supports http/https",
url.startsWith("http://"));
const auto start = strlen("http://");
auto end = url.find('/', start);
if (end == std::string::npos) {
end = url.size();
}
HostAndPort hp(url.substr(start, end - start));
Reported by FlawFinder.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_quantize.c
2 issues
Line: 141
CWE codes:
758
if ((BID_UINT32) total_digits <= 34) {
if (expon_diff >= 0) {
T = bid_power10_table_128[expon_diff];
__mul_128x128_low (CX2, T, CX);
bid_get_BID128_very_fast (&res, sign_x, exponent_y, CX2);
BID_RETURN (res);
}
#ifndef IEEE_ROUND_NEAREST_TIES_AWAY
#ifndef IEEE_ROUND_NEAREST
Reported by Cppcheck.
Line: 161
CWE codes:
758
__add_128_128 (CX, CX, bid_round_const_table_128[rmode][extra_digits]);
// get P*(2^M[extra_digits])/10^extra_digits
__mul_128x128_to_256 (CT, CX, bid_reciprocals10_128[extra_digits]);
// now get P/10^extra_digits: shift C64 right by M[extra_digits]-128
amount = bid_recip_scale[extra_digits];
CX2.w[0] = CT.w[2];
CX2.w[1] = CT.w[3];
Reported by Cppcheck.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_quantexpd.c
2 issues
Line: 52
CWE codes:
758
BID_RETURN_VAL (res);
}
if ((x.w[1] & MASK_STEERING_BITS) == MASK_STEERING_BITS)
res = (int)((x.w[1] >> 47) & 0x3fff) - 6176;
else
res = ((int)(x.w[1] >> 49) & 0x3fff) - 6176;
BID_RETURN_VAL (res);
}
Reported by Cppcheck.
Line: 54
CWE codes:
758
if ((x.w[1] & MASK_STEERING_BITS) == MASK_STEERING_BITS)
res = (int)((x.w[1] >> 47) & 0x3fff) - 6176;
else
res = ((int)(x.w[1] >> 49) & 0x3fff) - 6176;
BID_RETURN_VAL (res);
}
Reported by Cppcheck.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/src/bid128_ldexp.c
2 issues
Line: 76
CWE codes:
758
if (CX.w[1] < 0x314dc6448d93ull) {
// try to normalize coefficient
do {
CBID_X8.w[1] = (CX.w[1] << 3) | (CX.w[0] >> 61);
CBID_X8.w[0] = CX.w[0] << 3;
CX2.w[1] = (CX.w[1] << 1) | (CX.w[0] >> 63);
CX2.w[0] = CX.w[0] << 1;
__add_128_128 (CX, CX2, CBID_X8);
Reported by Cppcheck.
Line: 78
CWE codes:
758
do {
CBID_X8.w[1] = (CX.w[1] << 3) | (CX.w[0] >> 61);
CBID_X8.w[0] = CX.w[0] << 3;
CX2.w[1] = (CX.w[1] << 1) | (CX.w[0] >> 63);
CX2.w[0] = CX.w[0] << 1;
__add_128_128 (CX, CX2, CBID_X8);
exponent_x--;
exp64--;
Reported by Cppcheck.
src/mongo/util/fail_point.cpp
2 issues
Line: 143
Column: 14
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
switch (_mode) {
case alwaysOn:
return true;
case random:
return std::uniform_int_distribution<int>{}(threadPrng.urbg()) < _modeValue.load();
case nTimes:
if (_modeValue.subtractAndFetch(1) <= 0)
_disable();
return true;
Reported by FlawFinder.
Line: 216
Column: 31
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
val = static_cast<int>(longVal);
} else if (modeObj.hasField("activationProbability")) {
mode = FailPoint::random;
if (!modeObj["activationProbability"].isNumber()) {
return {ErrorCodes::TypeMismatch,
"the 'activationProbability' option to 'mode' must be a double between 0 "
"and 1"};
Reported by FlawFinder.
src/mongo/db/repl/idempotency_scalar_generator.cpp
2 issues
Line: 46
Column: 85
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return Value(0);
}
// Stores a copy of the supplied PseudoRandom in _random; the constructor does nothing else.
// NOTE(review): the type name suggests a non-cryptographic generator. A CWE-327 report on this
// line only matters if values drawn from _random are used for a security purpose; confirm at
// the call sites.
RandomizedScalarGenerator::RandomizedScalarGenerator(PseudoRandom random) : _random(random) {}
Value RandomizedScalarGenerator::generateScalar() const {
auto randomInt = this->_random.nextInt32(static_cast<int32_t>(ScalarChoice::kNumChoices));
auto choice = static_cast<ScalarChoice>(randomInt);
auto randomBit = this->_random.nextInt32(2);
Reported by FlawFinder.
Line: 46
Column: 67
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return Value(0);
}
// Stores a copy of the supplied PseudoRandom in _random; the constructor does nothing else.
// NOTE(review): the type name suggests a non-cryptographic generator. A CWE-327 report on this
// line only matters if values drawn from _random are used for a security purpose; confirm at
// the call sites.
RandomizedScalarGenerator::RandomizedScalarGenerator(PseudoRandom random) : _random(random) {}
Value RandomizedScalarGenerator::generateScalar() const {
auto randomInt = this->_random.nextInt32(static_cast<int32_t>(ScalarChoice::kNumChoices));
auto choice = static_cast<ScalarChoice>(randomInt);
auto randomBit = this->_random.nextInt32(2);
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/reflection_test.cc
2 issues
Line: 48
// --------------------------------------------------------------------
TEST_F(ReflectionTest, TestFindCommandLineFlag) {
auto* handle = absl::FindCommandLineFlag("some_flag");
EXPECT_EQ(handle, nullptr);
handle = absl::FindCommandLineFlag("int_flag");
EXPECT_NE(handle, nullptr);
Reported by Cppcheck.
Line: 112
Column: 16
CWE codes:
120 (Buffer Copy without Checking Size of Input)
return true;
}
// Serializes a CustomUDT by concatenating f.a, a colon and f.b into one string.
// NOTE(review): the absl::StrCat result is returned as a std::string and no fixed-size
// destination buffer is visible in this function, so a CWE-120 (unchecked buffer copy) report
// on this line looks like a match on the function name rather than a real copy. Confirm.
std::string AbslUnparseFlag(const CustomUDT& f) {
return absl::StrCat(f.a, ":", f.b);
}
} // namespace
// --------------------------------------------------------------------
Reported by FlawFinder.