The following issues were found
src/mongo/dbtests/querytests.cpp
2 issues
Line: 1954
CWE codes:
758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)
public:
void run() {
{
Ordering o = Ordering::make(BSON("a" << 1 << "b" << -1 << "c" << 1));
ASSERT_EQUALS(1, o.get(0));
ASSERT_EQUALS(-1, o.get(1));
ASSERT_EQUALS(1, o.get(2));
ASSERT(!o.descending(1));
Reported by Cppcheck.
Line: 1965
CWE codes:
758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)
}
{
Ordering o = Ordering::make(BSON("a.d" << 1 << "a" << 1 << "e" << -1));
ASSERT_EQUALS(1, o.get(0));
ASSERT_EQUALS(1, o.get(1));
ASSERT_EQUALS(-1, o.get(2));
ASSERT(!o.descending(1));
Reported by Cppcheck.
src/mongo/db/operation_cpu_timer_test.cpp
2 issues
Line: 78
#if defined(__linux__)
TEST_F(OperationCPUTimerTest, TestTimer) {
auto timer = getTimer();
timer->start();
busyWait(Nanoseconds(100)); // A small delay to make sure the timer advances.
ASSERT_GT(timer->getElapsed(), Nanoseconds(0));
Reported by Cppcheck.
Line: 216
#else
// Compiled only on the #else side of `#if defined(__linux__)`: checks that the
// fixture's getTimer() yields a null timer on this build.
// NOTE(review): the report attaches no CWE code or message to its Cppcheck
// finding here; the body only compares the result with nullptr and never
// dereferences it.
TEST_F(OperationCPUTimerTest, TimerNotSetIfNotSupported) {
    ASSERT(getTimer() == nullptr);
}
#endif // defined(__linux__)
Reported by Cppcheck.
buildscripts/resmokelib/powercycle/lib/remote_operations.py
2 issues
Line: 76
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
cmd = shlex.split(cmd)
# Use a common pipe for stdout & stderr for logging.
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
shell=self.use_shell)
buff_stdout, _ = process.communicate()
buff = buff_stdout.decode("utf-8", "replace")
print("Result of command:")
print(textwrap.indent(buff, "[result body] "))
return process.poll(), buff
Reported by Bandit.
Line: 8
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import posixpath
import re
import shlex
import subprocess
import sys
import time
import textwrap
# Get relative imports to work when the package is not installed on the PYTHONPATH.
Reported by Bandit.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/float128/dpml_ux_pow.c
2 issues
Line: 595
CWE codes:
908 (Use of Uninitialized Resource)
{
if ( exponent > 0)
{ /* exponent > 18 , definite overflow or underflow */
UX_COPY(x, result);
scale = sign ? UX_UNDERFLOW_EXPONENT : UX_OVERFLOW_EXPONENT;
P_UX_EXPONENT(result, scale);
}
else
{ /* x is close to 0, just return 1 */
Reported by Cppcheck.
Line: 597
CWE codes:
908 (Use of Uninitialized Resource)
{ /* exponent > 18 , definite overflow or underflow */
UX_COPY(x, result);
scale = sign ? UX_UNDERFLOW_EXPONENT : UX_OVERFLOW_EXPONENT;
P_UX_EXPONENT(result, scale);
}
else
{ /* x is close to 0, just return 1 */
UX_COPY( UX_ONE, result);
}
Reported by Cppcheck.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/float128/dpml_ux_lgamma.c
2 issues
Line: 286
CWE codes:
908 (Use of Uninitialized Resource)
if (sign && !(I & 1) && (G_UX_MSD( &fraction_part ) == 0))
{
P_UX_EXPONENT( unpacked_result, UX_UNDERFLOW_EXPONENT);
P_UX_MSD(unpacked_result, UX_MSB);
*signgam = 1;
return;
}
Reported by Cppcheck.
Line: 287
CWE codes:
908 (Use of Uninitialized Resource)
if (sign && !(I & 1) && (G_UX_MSD( &fraction_part ) == 0))
{
P_UX_EXPONENT( unpacked_result, UX_UNDERFLOW_EXPONENT);
P_UX_MSD(unpacked_result, UX_MSB);
*signgam = 1;
return;
}
/* Set signgam to -1 if x < 0 and int(x) is odd, +1 otherwise */
Reported by Cppcheck.
buildscripts/resmokelib/run/generate_multiversion_exclude_tags.py
2 issues
Line: 36
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b602_subprocess_popen_with_shell_equals_true.html
if is_windows():
mongo_shell = mongo_shell_path + ".exe"
shell_version = check_output(f"{mongo_shell} --version", shell=True,
env=env_vars).decode('utf-8')
for line in shell_version.splitlines():
if "gitVersion" in line:
version_line = line.split(':')[1]
# We identify the commit hash as the string enclosed by double quotation marks.
Reported by Bandit.
Line: 7
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import re
import tempfile
from collections import defaultdict
from subprocess import check_output
import requests
from buildscripts.ciconfig import tags as _tags
from buildscripts.resmokelib import multiversionconstants
Reported by Bandit.
src/third_party/IntelRDFPMathLib20U1/LIBRARY/float128/dpml_ux_int.c
2 issues
Line: 167
CWE codes:
758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)
}
else
{ /* L and R are contiguous */
LR = (current_digit >> (shift - 1)) & 0x3;
sticky |= (new_digit & mask);
lsd = (num_digits > 1) ? *arg_ptr : 0;
lsd = (lsd << (BITS_PER_UX_FRACTION_DIGIT_TYPE - shift)) |
(current_digit >> shift);
}
Reported by Cppcheck.
Line: 170
CWE codes:
758 (Reliance on Undefined, Unspecified, or Implementation-Defined Behavior)
LR = (current_digit >> (shift - 1)) & 0x3;
sticky |= (new_digit & mask);
lsd = (num_digits > 1) ? *arg_ptr : 0;
lsd = (lsd << (BITS_PER_UX_FRACTION_DIGIT_TYPE - shift)) |
(current_digit >> shift);
}
SKLR =
((G_UX_SIGN(unpacked_argument) >> (BITS_PER_UX_SIGN_TYPE - 3)) & 0x8)
Reported by Cppcheck.
buildscripts/resmokelib/selector.py
2 issues
Line: 12
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import fnmatch
import os.path
import random
import subprocess
import sys
import buildscripts.ciconfig.tags as _tags
from buildscripts.resmokelib import config
from buildscripts.resmokelib import errors
Reported by Bandit.
Line: 112
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
"""
command = [binary]
command.extend(args)
program = subprocess.Popen(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
stdout, stderr = program.communicate()
return program.returncode, stdout.decode("utf-8"), stderr.decode("utf-8")
@staticmethod
def parse_tag_files(test_kind, tag_files=None, tagged_tests=None):
Reported by Bandit.
src/third_party/abseil-cpp-master/abseil-cpp/absl/random/beta_distribution_test.cc
2 issues
Line: 58
::testing::Types<float, double, long double>>::type;
TYPED_TEST_CASE(BetaDistributionInterfaceTest, RealTypes);
TYPED_TEST(BetaDistributionInterfaceTest, SerializeTest) {
// The threshold for whether std::exp(1/a) is finite.
const TypeParam kSmallA =
1.0f / std::log((std::numeric_limits<TypeParam>::max)());
// The threshold for whether a * std::log(a) is finite.
const TypeParam kLargeA =
Reported by Cppcheck.
Line: 428
Column: 28
CWE codes:
120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow")
// Produces the display name for one (alpha, beta) test parameter pair:
// "alpha_<a>__beta_<b>", with every '+', '-' and '.' replaced by '_'.
//
// NOTE(review): the FlawFinder CWE-120 hit reported for this function
// presumably lands on the `StrCat` token, which shares its name with an
// unbounded C-style concatenation routine. Here the call is absl::StrCat,
// whose result is stored in a std::string; no fixed-size destination buffer is
// visible in this function, so the finding looks like a name-match false
// positive. Confirm against the analyzer's full message before suppressing it.
std::string ParamName(
    const ::testing::TestParamInfo<::testing::tuple<double, double>>& info) {
  const double alpha = ::testing::get<0>(info.param);
  const double beta = ::testing::get<1>(info.param);
  return absl::StrReplaceAll(
      absl::StrCat("alpha_", alpha, "__beta_", beta),
      {{"+", "_"}, {"-", "_"}, {".", "_"}});
}
INSTANTIATE_TEST_CASE_P(
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/container/internal/raw_hash_set.h
2 issues
Line: 1139
Column: 33
CWE codes:
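119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow")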
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
template <class... Args, typename std::enable_if<
!IsDecomposable<Args...>::value, int>::type = 0>
std::pair<iterator, bool> emplace(Args&&... args) {
alignas(slot_type) unsigned char raw[sizeof(slot_type)];
slot_type* slot = reinterpret_cast<slot_type*>(&raw);
PolicyTraits::construct(&alloc_ref(), slot, std::forward<Args>(args)...);
const auto& elem = PolicyTraits::element(slot);
return PolicyTraits::apply(InsertSlot<true>{*this, std::move(*slot)}, elem);
Reported by FlawFinder.
Line: 1629
Column: 33
CWE codes:
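119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
120 (Buffer Copy without Checking Size of Input, "Classic Buffer Overflow")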
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// mark target as FULL
// repeat procedure for current slot with moved from element (target)
ConvertDeletedToEmptyAndFullToDeleted(ctrl_, capacity_);
alignas(slot_type) unsigned char raw[sizeof(slot_type)];
size_t total_probe_length = 0;
slot_type* slot = reinterpret_cast<slot_type*>(&raw);
for (size_t i = 0; i != capacity_; ++i) {
if (!IsDeleted(ctrl_[i])) continue;
size_t hash = PolicyTraits::apply(HashElement{hash_ref()},
Reported by FlawFinder.