The following issues were found

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/randen_engine_test.cc
2 issues
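syntax error — Cppcheck could not parse the flagged line. The line is a googletest `TYPED_TEST_SUITE(...)` macro invocation, so this is most likely the analyser failing to expand the macro rather than a defect in the test source.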
Error

Line: 44

              
TYPED_TEST_SUITE(RandenEngineTypedTest, UIntTypes);

TYPED_TEST(RandenEngineTypedTest, VerifyReseedChangesAllValues) {
  using randen = typename absl::random_internal::randen_engine<TypeParam>;
  using result_type = typename randen::result_type;

  const size_t kNumOutputs = (sizeof(randen) * 2 / sizeof(TypeParam)) + 1;
  randen engine;

            

Reported by Cppcheck.

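StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]. Triage note: the flagged call is `absl::StrCat`, which builds and returns a `std::string`; it does not write into a caller-supplied destination buffer the way the banned C-style `StrCat` does, so the CWE-120 concern does not carry over to this line.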
Security

Line: 648 Column: 33 CWE codes: 120

                }
  auto duration = absl::GetCurrentTimeNanos() - start;

  ABSL_INTERNAL_LOG(INFO, absl::StrCat(static_cast<double>(duration) /
                                           static_cast<double>(kCount),
                                       "ns"));

  EXPECT_GT(sum, 0);
  EXPECT_GE(duration, kCount);  // Should be slower than 1ns per call.

            

Reported by FlawFinder.

buildscripts/tests/test_burn_in_tests_multiversion.py
2 issues
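Use of assert detected. The enclosed code will be removed when compiling to optimised byte code. Triage note: the flagged asserts sit in a mock-building helper under buildscripts/tests/ and only bound-check the helper's own arguments. If that check has to hold when the tests run under `python -O`, raise an explicit exception instead; otherwise this is a low-priority finding. The Line 71 finding below is the second assert in the same function.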
Security

Line: 70
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html

              

def create_multiversion_tests_by_task_mock(n_tasks, n_tests):
    assert n_tasks <= len(MV_MOCK_SUITES)
    assert n_tests <= len(MV_MOCK_TESTS[MV_MOCK_SUITES[0]])
    return {
        f"{MV_MOCK_SUITES[i]}": TaskInfo(
            display_task_name=f"task_{i}",
            resmoke_args=f"--suites=suite_{i}",

            

Reported by Bandit.

Use of assert detected. The enclosed code will be removed when compiling to optimised byte code.
Security

Line: 71
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html

              
def create_multiversion_tests_by_task_mock(n_tasks, n_tests):
    assert n_tasks <= len(MV_MOCK_SUITES)
    assert n_tests <= len(MV_MOCK_TESTS[MV_MOCK_SUITES[0]])
    return {
        f"{MV_MOCK_SUITES[i]}": TaskInfo(
            display_task_name=f"task_{i}",
            resmoke_args=f"--suites=suite_{i}",
            tests=[f"jstests/{MV_MOCK_TESTS[MV_MOCK_SUITES[i]][j]}" for j in range(n_tests)],

            

Reported by Bandit.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/randen_round_keys.cc
2 issues
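char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: the flagged declaration is a `const unsigned char` table of `kKeyBytes` bytes filled by an initializer list, so nothing is copied into it at run time. What remains to check is that readers of the table stay within `kKeyBytes`; the excerpt does not show them. The Line 275 finding below is the same pattern for `kRandenRoundKeys`.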
Security

Line: 90 Column: 28 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              static constexpr size_t kKeyBytes = 2176;
}

alignas(16) const unsigned char kRandenRoundKeysBE[kKeyBytes] = {
    0x24, 0x3F, 0x6A, 0x88, 0x85, 0xA3, 0x08, 0xD3, 0x13, 0x19, 0x8A, 0x2E,
    0x03, 0x70, 0x73, 0x44, 0xA4, 0x09, 0x38, 0x22, 0x29, 0x9F, 0x31, 0xD0,
    0x08, 0x2E, 0xFA, 0x98, 0xEC, 0x4E, 0x6C, 0x89, 0x45, 0x28, 0x21, 0xE6,
    0x38, 0xD0, 0x13, 0x77, 0xBE, 0x54, 0x66, 0xCF, 0x34, 0xE9, 0x0C, 0x6C,
    0xC0, 0xAC, 0x29, 0xB7, 0xC9, 0x7C, 0x50, 0xDD, 0x3F, 0x84, 0xD5, 0xB5,

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 275 Column: 28 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  0x97, 0x24, 0x45, 0x46,
};

alignas(16) const unsigned char kRandenRoundKeys[kKeyBytes] = {
    0x44, 0x73, 0x70, 0x03, 0x2E, 0x8A, 0x19, 0x13, 0xD3, 0x08, 0xA3, 0x85,
    0x88, 0x6A, 0x3F, 0x24, 0x89, 0x6C, 0x4E, 0xEC, 0x98, 0xFA, 0x2E, 0x08,
    0xD0, 0x31, 0x9F, 0x29, 0x22, 0x38, 0x09, 0xA4, 0x6C, 0x0C, 0xE9, 0x34,
    0xCF, 0x66, 0x54, 0xBE, 0x77, 0x13, 0xD0, 0x38, 0xE6, 0x21, 0x28, 0x45,
    0x17, 0x09, 0x47, 0xB5, 0xB5, 0xD5, 0x84, 0x3F, 0xDD, 0x50, 0x7C, 0xC9,

            

Reported by FlawFinder.

src/mongo/db/exec/sbe/stages/exchange.h
2 issues
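open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: column 10 of the flagged line is the declaration `void open(bool reOpen) final;`, a member function that takes a bool, not a call that opens a file by path. FlawFinder matches on the identifier alone, so this hit and the identical one at Line 321 below need no file-race review unless the out-of-view implementation opens files itself.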
Security

Line: 270 Column: 10 CWE codes: 362

              
    void prepare(CompileCtx& ctx) final;
    value::SlotAccessor* getAccessor(CompileCtx& ctx, value::SlotId slot) final;
    void open(bool reOpen) final;
    PlanState getNext() final;
    void close() final;

    std::unique_ptr<PlanStageStats> getStats(bool includeDebugInfo) const final;
    const SpecificStats* getSpecificStats() const final;

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 321 Column: 10 CWE codes: 362

              
    void prepare(CompileCtx& ctx) final;
    value::SlotAccessor* getAccessor(CompileCtx& ctx, value::SlotId slot) final;
    void open(bool reOpen) final;
    PlanState getNext() final;
    void close() final;

    std::unique_ptr<PlanStageStats> getStats(bool includeDebugInfo) const final;
    const SpecificStats* getSpecificStats() const final;

            

Reported by FlawFinder.

src/mongo/db/exec/sbe/stages/filter.h
2 issues
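open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: the flagged token is the stage's own member function `open(bool reOpen)`, and the Line 97 finding below is the call `_children[0]->open(reOpen)` on a child stage. Neither line passes a file path, so the CWE-362 file-race concern does not apply to what the excerpts show.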
Security

Line: 83 Column: 10 CWE codes: 362

                      return _children[0]->getAccessor(ctx, slot);
    }

    void open(bool reOpen) final {
        auto optTimer(getOptTimer(_opCtx));

        _commonStats.opens++;

        if constexpr (IsConst) {

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 97 Column: 23 CWE codes: 362

                              return;
            }
        }
        _children[0]->open(reOpen);
        _childOpened = true;
    }

    PlanState getNext() final {
        auto optTimer(getOptTimer(_opCtx));

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/randen_traits.h
2 issues
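char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues. Triage note: the flagged lines (81 and 82) are `extern` declarations of `const unsigned char` arrays sized by `RandenTraits::kKeyBytes`; the comment in the excerpt places their definitions in randen_round_keys.cc. The header itself writes to no buffer, so the review question is only whether readers of the tables stay within `kKeyBytes`.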
Security

Line: 81 Column: 23 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              };

// Randen key arrays. In randen_round_keys.cc
// Declarations only: each names a const array of RandenTraits::kKeyBytes
// unsigned chars, so this header reserves no storage and writes nothing.
// NOTE(review): "BE" presumably marks the big-endian byte order of the same
// keys — confirm against randen_round_keys.cc.
extern const unsigned char kRandenRoundKeys[RandenTraits::kKeyBytes];
extern const unsigned char kRandenRoundKeysBE[RandenTraits::kKeyBytes];

}  // namespace random_internal
ABSL_NAMESPACE_END
}  // namespace absl

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 82 Column: 23 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
// Randen key arrays. In randen_round_keys.cc
// Declarations only: each names a const array of RandenTraits::kKeyBytes
// unsigned chars, so this header reserves no storage and writes nothing.
// NOTE(review): "BE" presumably marks the big-endian byte order of the same
// keys — confirm against randen_round_keys.cc.
extern const unsigned char kRandenRoundKeys[RandenTraits::kKeyBytes];
extern const unsigned char kRandenRoundKeysBE[RandenTraits::kKeyBytes];

}  // namespace random_internal
ABSL_NAMESPACE_END
}  // namespace absl


            

Reported by FlawFinder.

src/mongo/db/exec/sbe/stages/hash_agg.cpp
2 issues
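open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: the flagged token is the definition of `HashAggStage::open(bool reOpen)`, and the Line 140 finding below is the call `_children[0]->open(_childOpened)` on a child stage. Neither line passes a file path, so the CWE-362 file-race concern does not apply to what the excerpts show.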
Security

Line: 134 Column: 20 CWE codes: 362

                  return ctx.getAccessor(slot);
}

void HashAggStage::open(bool reOpen) {
    auto optTimer(getOptTimer(_opCtx));

    _commonStats.opens++;

    if (!reOpen || _seekKeysAccessors.empty()) {

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 140 Column: 23 CWE codes: 362

                  _commonStats.opens++;

    if (!reOpen || _seekKeysAccessors.empty()) {
        _children[0]->open(_childOpened);
        _childOpened = true;

        if (_collatorAccessor) {
            auto [tag, collatorVal] = _collatorAccessor->getViewOfValue();
            uassert(

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/internal/seed_material.cc
2 issues
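open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: this is a real file open. The path is the constant `kEntropyFile`, the descriptor is opened `O_RDONLY`, and the result is compared with -1 before use. The variable name `dev_urandom` suggests the system entropy device, but the value of `kEntropyFile` is outside the excerpt and should be confirmed before closing the finding.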
Security

Line: 132 Column: 21 CWE codes: 362

                auto buffer = reinterpret_cast<uint8_t*>(values.data());
  size_t buffer_size = sizeof(uint32_t) * values.size();

  int dev_urandom = open(kEntropyFile, O_RDONLY);
  bool success = (-1 != dev_urandom);
  if (!success) {
    return false;
  }


            

Reported by FlawFinder.

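read - Check buffer boundaries if used in a loop including recursive loops. Triage note: each `read` is limited to `buffer_size`, and on success the loop advances `buffer` and shrinks `buffer_size` by the number of bytes read, so the visible loop stays within the storage taken from `values`. One detail worth a second look is that the result is stored in an `int` although `read` returns `ssize_t`.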
Security

Line: 139 Column: 22 CWE codes: 120 20

                }

  while (success && buffer_size > 0) {
    int bytes_read = read(dev_urandom, buffer, buffer_size);
    int read_error = errno;
    success = (bytes_read > 0);
    if (success) {
      buffer += bytes_read;
      buffer_size -= bytes_read;

            

Reported by FlawFinder.

src/mongo/db/storage/storage_file_util.cpp
2 issues
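open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: this is a real open, made through the project's `File` wrapper with a caller-supplied path, and the failure case is handled by the `is_open()` check. Whether CWE-362 matters depends on whether a less-trusted user can write to the directory that holds `path`; the excerpt does not show the callers.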
Security

Line: 52 Column: 10 CWE codes: 362

              
Status fsyncFile(const boost::filesystem::path& path) {
    File file;
    file.open(path.string().c_str(), /*read-only*/ false, /*direct-io*/ false);
    if (!file.is_open()) {
        return {ErrorCodes::FileOpenFailed,
                str::stream() << "Failed to open file " << path.string()};
    }
    file.fsync();

            

Reported by FlawFinder.

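open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? Triage note: this is a real `::open` of a directory, read-only, with the result checked for `fd < 0`. The question to settle is who controls `dir`, which the excerpt does not show. Where the platform provides it, adding `O_DIRECTORY` to the flags would make the call fail if the path turns out not to be a directory.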
Security

Line: 72 Column: 16 CWE codes: 362

              
    LOGV2_DEBUG(22289, 1, "flushing directory {dir_string}", "dir_string"_attr = dir.string());

    int fd = ::open(dir.string().c_str(), O_RDONLY);
    if (fd < 0) {
        return {ErrorCodes::FileOpenFailed,
                str::stream() << "Failed to open directory " << dir.string()
                              << " for flushing: " << errnoWithDescription()};
    }

            

Reported by FlawFinder.

src/mongo/db/s/balancer/balancer_chunk_selection_policy_impl.cpp
2 issues
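random - This function is not sufficiently random for security-related functions such as key and nonce creation. Triage note: the flagged token is the constructor parameter `random` of type `BalancerRandomSource&` (and, in the Line 274 finding below, its use in the `_random(random)` member initializer), not a call to the C library `random()`. Nothing in the excerpt creates keys or nonces; whether the source needs to be cryptographically strong depends on how `_random` is used, which is outside the excerpt.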
Security

Line: 273 Column: 90 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              }  // namespace

// Stores the supplied statistics pointer and random-source reference in
// _clusterStats and _random; the constructor body itself is empty.
// `random` is a parameter of type BalancerRandomSource&, not a call to the
// C library random() function.
// NOTE(review): _random is initialised from a reference, so if the member is
// itself a reference the caller's BalancerRandomSource must outlive this
// object — confirm against the class declaration.
BalancerChunkSelectionPolicyImpl::BalancerChunkSelectionPolicyImpl(ClusterStatistics* clusterStats,
                                                                   BalancerRandomSource& random)
    : _clusterStats(clusterStats), _random(random) {}

// Destructor is defaulted here, out of line.
BalancerChunkSelectionPolicyImpl::~BalancerChunkSelectionPolicyImpl() = default;

StatusWith<SplitInfoVector> BalancerChunkSelectionPolicyImpl::selectChunksToSplit(

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 274 Column: 44 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
// Stores the supplied statistics pointer and random-source reference in
// _clusterStats and _random; the constructor body itself is empty.
// `random` is a parameter of type BalancerRandomSource&, not a call to the
// C library random() function.
// NOTE(review): _random is initialised from a reference, so if the member is
// itself a reference the caller's BalancerRandomSource must outlive this
// object — confirm against the class declaration.
BalancerChunkSelectionPolicyImpl::BalancerChunkSelectionPolicyImpl(ClusterStatistics* clusterStats,
                                                                   BalancerRandomSource& random)
    : _clusterStats(clusterStats), _random(random) {}

// Destructor is defaulted here, out of line.
BalancerChunkSelectionPolicyImpl::~BalancerChunkSelectionPolicyImpl() = default;

StatusWith<SplitInfoVector> BalancerChunkSelectionPolicyImpl::selectChunksToSplit(
    OperationContext* opCtx) {

            

Reported by FlawFinder.