The following issues were found

src/third_party/asio-master/asio/include/asio/datagram_socket_service.hpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 141 Column: 21 CWE codes: 362

  }

  // Open a new datagram socket implementation.
  ASIO_SYNC_OP_VOID open(implementation_type& impl,
      const protocol_type& protocol, asio::error_code& ec)
  {
    if (protocol.type() == ASIO_OS_DEF(SOCK_DGRAM))
      service_impl_.open(impl, protocol, ec);
    else

            

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 145 Column: 21 CWE codes: 362

      const protocol_type& protocol, asio::error_code& ec)
  {
    if (protocol.type() == ASIO_OS_DEF(SOCK_DGRAM))
      service_impl_.open(impl, protocol, ec);
    else
      ec = asio::error::invalid_argument;
    ASIO_SYNC_OP_VOID_RETURN(ec);
  }


            

Reported by FlawFinder.

buildscripts/tests/test_remote_operations.py
2 issues
Probable insecure usage of temp file/directory.
Security

Line: 180
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

              
        # Command with directory and pipe
        ret, buff = self.rop.shell("touch {dir}/{file}; ls {dir} | grep {file}".format(
            file=time.time(), dir="/tmp"))
        self.assertEqual(0, ret)
        self.assertIsNotNone(buff)

        ret, buff = self.rop_use_shell.shell("touch {dir}/{file}; ls {dir} | grep {file}".format(
            file=time.time(), dir="/tmp"))

            

Reported by Bandit.

Probable insecure usage of temp file/directory.
Security

Line: 185
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b108_hardcoded_tmp_directory.html

        self.assertIsNotNone(buff)

        ret, buff = self.rop_use_shell.shell("touch {dir}/{file}; ls {dir} | grep {file}".format(
            file=time.time(), dir="/tmp"))
        self.assertEqual(0, ret)
        self.assertIsNotNone(buff)


class RemoteOperationCopyTo(RemoteOperationsTestCase):

            

Reported by Bandit.

buildscripts/resmokelib/testing/hooks/tenant_migration.py
2 issues
Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Security blacklist

Line: 298
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random

              
                # Briefly wait to let the test run before starting the tenant migration, so that
                # the first migration is more likely to have data to migrate.
                wait_secs = random.uniform(
                    *self.WAIT_SECS_RANGES[migration_num % len(self.WAIT_SECS_RANGES)])
                self.logger.info("Waiting for %.3f seconds before starting migration.", wait_secs)
                self.__lifecycle.wait_for_tenant_migration_interval(wait_secs)

                self.logger.info("Starting tenant migration: %s.", str(migration_opts))

            

Reported by Bandit.

Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Security blacklist

Line: 374
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random

    def _create_migration_opts(self, donor_rs_index, recipient_rs_index):
        donor_rs = self._tenant_migration_fixture.get_replset(donor_rs_index)
        recipient_rs = self._tenant_migration_fixture.get_replset(recipient_rs_index)
        read_preference = {"mode": "primary"} if random.randint(0, 1) else {"mode": "secondary"}
        return _TenantMigrationOptions(donor_rs, recipient_rs, self._tenant_id, read_preference,
                                       self.logger)

    def _create_client(self, node):
        return fixture_interface.authenticate(node.mongo_client(), self._auth_options)

            

Reported by Bandit.

src/mongo/db/pipeline/expression.cpp
2 issues
There is an unknown macro here somewhere. Configuration is required. If REGISTER_STABLE_EXPRESSION is a macro then please configure it.
Error

Line: 5170

              
/* ------------------------- ExpressionSwitch ------------------------------ */

REGISTER_STABLE_EXPRESSION(switch, ExpressionSwitch::parse);

Value ExpressionSwitch::evaluate(const Document& root, Variables* variables) const {
    for (auto&& branch : _branches) {
        Value caseExpression(branch.first->evaluate(root, variables));


            

Reported by Cppcheck.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 931 Column: 11 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

struct CmpLookup {
    const bool truthValue[3];                // truth value for -1, 0, 1
    const ExpressionCompare::CmpOp reverse;  // reverse(b,a) returns the same as op(a,b)
    const char name[5];                      // string name with trailing '\0'
};
static const CmpLookup cmpLookup[7] = {
    /*             -1      0      1      reverse                  name   */
    /* EQ  */ {{false, true, false}, ExpressionCompare::EQ, "$eq"},
    /* NE  */ {{true, false, true}, ExpressionCompare::NE, "$ne"},

            

Reported by FlawFinder.

src/mongo/db/sorter/sorter_test.cpp
2 issues
syntax error
Error

Line: 716

    return ranges;
}

DEATH_TEST_F(
    SorterMakeFromExistingRangesTest,
    NonZeroLimit,
    "Creating a Sorter from existing ranges is only available with the NoLimitSorter (limit 0)") {
    auto opts = SortOptions().Limit(1ULL);
    IWSorter::makeFromExistingRanges("", {}, opts, IWComparator(ASC));

            

Reported by Cppcheck.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 92 Column: 20 CWE codes: 120 20

        buf.appendNum(_i);
    }
    static IntWrapper deserializeForSorter(BufReader& buf, const SorterDeserializeSettings&) {
        return buf.read<LittleEndian<int>>().value;
    }
    int memUsageForSorter() const {
        return sizeof(IntWrapper);
    }
    IntWrapper getOwned() const {

            

Reported by FlawFinder.

src/third_party/asio-master/asio/include/asio/detail/old_win_sdk_compat.hpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

struct sockaddr_storage_emulation
{
  short ss_family;
  char __ss_pad1[sockaddr_storage_pad1size];
  __int64 __ss_align;
  char __ss_pad2[sockaddr_storage_pad2size];
};

struct in6_addr_emulation

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 54 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

  short ss_family;
  char __ss_pad1[sockaddr_storage_pad1size];
  __int64 __ss_align;
  char __ss_pad2[sockaddr_storage_pad2size];
};

struct in6_addr_emulation
{
  union

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/base/internal/exception_safety_testing.h
2 issues
StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 587 Column: 18 CWE codes: 120

              
 private:
  static std::string GetInstanceString(int dummy) {
    return absl::StrCat("ThrowingValue<",
                        exceptions_internal::GetSpecString(Spec), ">(", dummy,
                        ")");
  }

  int dummy_;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 749 Column: 18 CWE codes: 120

              
 private:
  static std::string GetInstanceString(int dummy) {
    return absl::StrCat("ThrowingAllocator<",
                        exceptions_internal::GetSpecString(Spec), ">(", dummy,
                        ")");
  }

  const std::shared_ptr<const int>& State() const { return dummy_; }

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/random/uniform_real_distribution_test.cc
2 issues
syntax error
Error

Line: 72

              
TYPED_TEST_SUITE(UniformRealDistributionTest, RealTypes);

TYPED_TEST(UniformRealDistributionTest, ParamSerializeTest) {
  using param_type =
      typename absl::uniform_real_distribution<TypeParam>::param_type;

  constexpr const TypeParam a{1152921504606846976};


            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 164 Column: 31 CWE codes: 120

              
    if (!std::is_same<TypeParam, long double>::value) {
      // static_cast<double>(long double) can overflow.
      std::string msg = absl::StrCat("Range: ", static_cast<double>(sample_min),
                                     ", ", static_cast<double>(sample_max));
      ABSL_RAW_LOG(INFO, "%s", msg.c_str());
    }
  }
}

            

Reported by FlawFinder.

src/mongo/util/time_support.cpp
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 133 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

}

std::string time_t_to_String_short(time_t t) {
    char buf[64];
#if defined(_WIN32)
    ctime_s(buf, sizeof(buf), &t);
#else
    ctime_r(&t, buf);
#endif

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 156 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    const auto fmt = appendZed ? kUTCFilenameFormatZ : kUTCFilenameFormat;
    const std::size_t expLen = appendZed ? 20 : 19;

    char buf[32];
    fassert(16226, strftime(buf, sizeof(buf), fmt.rawData(), &t) == expLen);
    return buf;
}

DateStringBuffer& DateStringBuffer::iso8601(Date_t date, bool local) {

            

Reported by FlawFinder.

src/mongo/db/index_builds_coordinator_mongod.cpp
2 issues
Syntax Error: AST broken, 'if' doesn't have two operands.
Error

Line: 338

        });

        // Clean up if we failed to schedule the task.
        if (!status.isOK()) {
            activeIndexBuilds.unregisterIndexBuild(&_indexBuildsManager, replState);
            startPromise.setError(status);
            return;
        }


            

Reported by Cppcheck.

equal - Function does not check the second iterator for over-read conditions
Security

Line: 797 Column: 21 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

            return false;
        }
        // Ensure the ReplIndexBuildState has the same indexes as 'indexNames'.
        return std::equal(
            replState.indexNames.begin(), replState.indexNames.end(), indexNames.begin());
    };
    auto collIndexBuilds = activeIndexBuilds.filterIndexBuilds(pred);
    if (collIndexBuilds.empty()) {
        return Status(ErrorCodes::IndexNotFound,

            

Reported by FlawFinder.