The following issues were found

buildscripts/burn_in_tests.py
2 issues
Consider possible security implications associated with subprocess module.
Security blacklist

Line: 7
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess 

              import logging
import os.path
import shlex
import subprocess
import sys
from abc import ABC, abstractmethod
from collections import defaultdict
from typing import Optional, Set, Tuple, List, Dict, NamedTuple

Reported by Bandit.

subprocess call - check for execution of untrusted input.
Security injection

Line: 404
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html 

                      new_resmoke_cmd.extend(tests_by_task[task].tests)
        log.debug("starting execution of task")
        try:
            subprocess.check_call(new_resmoke_cmd, shell=False)
        except subprocess.CalledProcessError as err:
            log.warning("Resmoke returned an error with task", error=err.returncode)
            sys.exit(err.returncode)

Reported by Bandit.

src/third_party/abseil-cpp-master/abseil-cpp/absl/base/internal/exponential_biased_test.cc
2 issues
syntax error
Error

Line: 117 

                return p;
}

TEST(ExponentialBiasedTest, CoinTossDemoWithGetSkipCount) {
  ExponentialBiased eb;
  for (int runs = 0; runs < 10; ++runs) {
    for (int flips = eb.GetSkipCount(1); flips > 0; --flips) {
      printf("head...");
    }

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 34 Column: 18 CWE codes: 120 

              namespace base_internal {

MATCHER_P2(IsBetween, a, b,
           absl::StrCat(std::string(negation ? "isn't" : "is"), " between ", a,
                        " and ", b)) {
  return a <= arg && arg <= b;
}

// Tests of the quality of the random numbers generated

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/iostream_state_saver.h
2 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 186 Column: 24 CWE codes: 120 20 

              template <>
struct stream_u128_helper<absl::uint128> {
  template <typename IStream>
  inline absl::uint128 read(IStream& in) {
    uint64_t h = 0;
    uint64_t l = 0;
    in >> h >> l;
    return absl::MakeUint128(h, l);
  }

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 205 Column: 22 CWE codes: 120 20 

              template <>
struct stream_u128_helper<__uint128_t> {
  template <typename IStream>
  inline __uint128_t read(IStream& in) {
    uint64_t h = 0;
    uint64_t l = 0;
    in >> h >> l;
    return (static_cast<__uint128_t>(h) << 64) | l;
  }

Reported by FlawFinder.

src/mongo/util/md5.hpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 43 Column: 18 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
namespace mongo {

typedef unsigned char md5digest[16];

inline void md5(const void* buf, int nbytes, md5digest digest) {
    md5_state_t st;
    md5_init(&st);
    md5_append(&st, (const md5_byte_t*)buf, nbytes);

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 53 Column: 14 CWE codes: 126 

              }

inline void md5(const char* str, md5digest digest) {
    md5(str, strlen(str), digest);
}

inline std::string digestToString(md5digest digest) {
    static const char* letters = "0123456789abcdef";
    std::stringstream ss;

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/nanobenchmark.cc
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 101 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              }

std::string BrandString() {
  char brand_string[49];
  uint32_t abcd[4];

  // Check if brand string is supported (it is on all reasonable Intel/AMD)
  Cpuid(0x80000000U, 0, abcd);
  if (abcd[0] < 0x80000004U) {

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 112 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
  for (int i = 0; i < 3; ++i) {
    Cpuid(0x80000002U + i, 0, abcd);
    memcpy(brand_string + i * 16, &abcd, sizeof(abcd));
  }
  brand_string[48] = 0;
  return brand_string;
}

Reported by FlawFinder.

src/mongo/dbtests/query_stage_sort.cpp
2 issues
Shifting by a negative value is undefined behaviour
Error

Line: 167 CWE codes: 758 

                      // Insert a mix of the various types of data.
        insertVarietyOfObjects(ws.get(), queuedDataStage.get(), coll);

        auto sortPattern = BSON("foo" << direction);
        auto keyGenStage = std::make_unique<SortKeyGeneratorStage>(
            _expCtx, std::move(queuedDataStage), ws.get(), sortPattern);

        auto sortStage = std::make_unique<SortStageDefault>(_expCtx,
                                                            ws.get(),

Reported by Cppcheck.

Shifting by a negative value is undefined behaviour
Error

Line: 598 CWE codes: 758 

                          }
        }

        auto sortPattern = BSON("b" << -1 << "c" << 1 << "a" << 1);

        auto keyGenStage = std::make_unique<SortKeyGeneratorStage>(
            _expCtx, std::move(queuedDataStage), ws.get(), sortPattern);

        auto sortStage = std::make_unique<SortStageDefault>(_expCtx,

Reported by Cppcheck.

src/mongo/db/exec/sbe/stages/check_bounds.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 70 Column: 24 CWE codes: 362 

                  return _children[0]->getAccessor(ctx, slot);
}

void CheckBoundsStage::open(bool reOpen) {
    auto optTimer(getOptTimer(_opCtx));

    _commonStats.opens++;
    _children[0]->open(reOpen);
    _isEOF = false;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 74 Column: 19 CWE codes: 362 

                  auto optTimer(getOptTimer(_opCtx));

    _commonStats.opens++;
    _children[0]->open(reOpen);
    _isEOF = false;
}

PlanState CheckBoundsStage::getNext() {
    auto optTimer(getOptTimer(_opCtx));

Reported by FlawFinder.

buildscripts/resmokelib/testing/hooks/hello_failures.py
2 issues
Attempted relative import beyond top-level package
Error

Line: 13 Column: 1 

              from buildscripts.resmokelib.testing.fixtures import replicaset
from buildscripts.resmokelib.testing.fixtures import shardedcluster

from . import interface
from . import jsfile


class HelloDelays(interface.Hook):
    """Sets Hello fault injections."""

Reported by Pylint.

Attempted relative import beyond top-level package
Error

Line: 14 Column: 1 

              from buildscripts.resmokelib.testing.fixtures import shardedcluster

from . import interface
from . import jsfile


class HelloDelays(interface.Hook):
    """Sets Hello fault injections."""

Reported by Pylint.

src/third_party/abseil-cpp-master/abseil-cpp/absl/container/internal/inlined_vector.h
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 93 Column: 3 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              // memcpy when allowed.
template <>
inline void MemcpyIfAllowed<true>(void* dst, const void* src, size_t n) {
  memcpy(dst, src, n);
}

// Do nothing for types that are not memcpy-able. This function is only
// called from non-reachable branches.
template <>

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 490 Column: 25 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                };

  struct Inlined {
    alignas(value_type) char inlined_data[sizeof(value_type[N])];
  };

  union Data {
    Allocated allocated;
    Inlined inlined;

Reported by FlawFinder.

src/third_party/boost/boost/archive/basic_binary_iprimitive.hpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 41 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              #include <boost/config.hpp>
#if defined(BOOST_NO_STDC_NAMESPACE)
namespace std{
    using ::memcpy;
    using ::size_t;
} // namespace std
#endif

#include <boost/cstdint.hpp>

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 188 Column: 14 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                          boost::serialization::throw_exception(
                archive_exception(archive_exception::input_stream_error)
            );
        std::memcpy(static_cast<char*>(address) + (count - s), &t, static_cast<std::size_t>(s));
    }
}

} // namespace archive
} // namespace boost

Reported by FlawFinder.