The following issues were found
src/third_party/pcre-8.42/pcrecpp_unittest.cc
20 issues
Line: 979
Column: 5
CWE codes:
134
Suggestion:
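Make format string constant. In the excerpt the format argument is `LLD`, which is defined outside the lines shown; if it is a macro that expands to a string literal, the format is already fixed at compile time and cannot be influenced by input, so confirm its definition before treating this as exploitable. The same applies to the other `sprintf(buf, LLD, ...)` and `sprintf(buf, LLU, ...)` findings for this file.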
CHECK(RE("(-?\\d+)").FullMatch("100", &v)); CHECK_EQ(v, 100);
CHECK(RE("(-?\\d+)").FullMatch("-100",&v)); CHECK_EQ(v, -100);
sprintf(buf, LLD, max_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, max_value);
sprintf(buf, LLD, min_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, min_value);
Reported by FlawFinder.
Line: 982
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
sprintf(buf, LLD, max_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, max_value);
sprintf(buf, LLD, min_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, min_value);
sprintf(buf, LLD, max_value);
assert(buf[strlen(buf)-1] != '9');
buf[strlen(buf)-1]++;
Reported by FlawFinder.
Line: 985
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
sprintf(buf, LLD, min_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, min_value);
sprintf(buf, LLD, max_value);
assert(buf[strlen(buf)-1] != '9');
buf[strlen(buf)-1]++;
CHECK(!RE("(-?\\d+)").FullMatch(buf, &v));
sprintf(buf, LLD, min_value);
Reported by FlawFinder.
Line: 990
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
buf[strlen(buf)-1]++;
CHECK(!RE("(-?\\d+)").FullMatch(buf, &v));
sprintf(buf, LLD, min_value);
assert(buf[strlen(buf)-1] != '9');
buf[strlen(buf)-1]++;
CHECK(!RE("(-?\\d+)").FullMatch(buf, &v));
}
#endif
Reported by FlawFinder.
Line: 1006
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
CHECK(RE("(-?\\d+)").FullMatch("100",&v)); CHECK_EQ(v, 100);
CHECK(RE("(-?\\d+)").FullMatch("-100",&v2)); CHECK_EQ(v2, -100);
sprintf(buf, LLU, max_value);
CHECK(RE("(-?\\d+)").FullMatch(buf,&v)); CHECK_EQ(v, max_value);
assert(buf[strlen(buf)-1] != '9');
buf[strlen(buf)-1]++;
CHECK(!RE("(-?\\d+)").FullMatch(buf, &v));
Reported by FlawFinder.
Line: 1318
Column: 7
CWE codes:
807
20
Suggestion:
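Check environment variables carefully before using them. In the excerpt the result of `getenv("VERBOSE_TEST")` is only compared with NULL to switch on verbose output; the variable's contents are not read in the lines shown.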
TestRecursion();
// Test Options
if (getenv("VERBOSE_TEST") != NULL)
VERBOSE_TEST = true;
TestOptions();
// Test the constructors
TestConstructors();
Reported by FlawFinder.
Line: 115
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
initial_size = VirtualProcessSize();
printf("Size after 50000: %llu\n", initial_size);
}
char buf[100]; // definitely big enough
sprintf(buf, "pat%09d", i);
RE newre(buf);
}
uint64 final_size = VirtualProcessSize();
printf("Size after 100000: %llu\n", final_size);
Reported by FlawFinder.
Line: 116
Column: 5
CWE codes:
120
Suggestion:
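Use sprintf_s, snprintf, or vsnprintf. In the excerpt the format is the literal "pat%09d" written into `char buf[100]`; assuming `i` is an int, as `%d` implies, the output is at most 14 characters plus the terminator, so the buffer cannot overflow as written. `snprintf(buf, sizeof(buf), ...)` would keep that true if the format or the buffer size changes later.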
printf("Size after 50000: %llu\n", initial_size);
}
char buf[100]; // definitely big enough
sprintf(buf, "pat%09d", i);
RE newre(buf);
}
uint64 final_size = VirtualProcessSize();
printf("Size after 100000: %llu\n", final_size);
const double growth = double(final_size - initial_size) / final_size;
Reported by FlawFinder.
Line: 822
Column: 23
CWE codes:
190
Suggestion:
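If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). In the excerpt `atoi(argv[2]) == 0` also serves as the validity check, so non-numeric text and a literal 0 are rejected alike, while negative or out-of-range values are passed on to the timing functions; atoi cannot report conversion errors, whereas strtol with an end pointer and a range check can.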
}
if (argc > 1) {
if ( argc == 2 || atoi(argv[2]) == 0) {
printf("timing mode needs a num-iters argument\n");
return 1;
}
if (!strcmp(argv[1], "timing1"))
Timing1(atoi(argv[2]));
Reported by FlawFinder.
Line: 827
Column: 15
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
return 1;
}
if (!strcmp(argv[1], "timing1"))
Timing1(atoi(argv[2]));
else if (!strcmp(argv[1], "timing2"))
Timing2(atoi(argv[2]));
else if (!strcmp(argv[1], "timing3"))
Timing3(atoi(argv[2]));
else
Reported by FlawFinder.
src/third_party/wiredtiger/test/suite/test_util18.py
20 issues
Line: 31
Column: 1
import codecs, filecmp
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
Reported by Pylint.
Line: 53
Column: 5
scenarios = make_scenarios(print_user_data)
def conn_config(self):
return 'log=(archive=false,enabled,file_max=%dK)' % self.logmax
# Populate our test table with data we can check against in the printlog output.
def populate(self):
cursor = self.session.open_cursor(self.uri, None)
Reported by Pylint.
Line: 31
Column: 1
import codecs, filecmp
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 29
Column: 1
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
import codecs, filecmp
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
# test_util18.py
Reported by Pylint.
Line: 31
Column: 1
import codecs, filecmp
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
Reported by Pylint.
Line: 31
Column: 1
import codecs, filecmp
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
Reported by Pylint.
Line: 36
Column: 1
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_util18.a'
uri = 'table:' + tablename
logmax = 100
nentries = 5
create_params = 'key_format=S,value_format=S'
Reported by Pylint.
Line: 36
Column: 1
# test_util18.py
# Utilities: wt printlog
class test_util18(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_util18.a'
uri = 'table:' + tablename
logmax = 100
nentries = 5
create_params = 'key_format=S,value_format=S'
Reported by Pylint.
Line: 53
Column: 5
scenarios = make_scenarios(print_user_data)
def conn_config(self):
return 'log=(archive=false,enabled,file_max=%dK)' % self.logmax
# Populate our test table with data we can check against in the printlog output.
def populate(self):
cursor = self.session.open_cursor(self.uri, None)
Reported by Pylint.
src/third_party/mozjs-60/extract/js/src/jit/arm64/MacroAssembler-arm64.cpp
20 issues
Line: 280
Column: 66
CWE codes:
362/367!
Suggestion:
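Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note that in the excerpts for this file `access` is a `const wasm::MemoryAccessDesc&` parameter and the flagged positions are uses of it (`access.offset()`, `access.sync()`, `access.type()`), not calls to the access() file-permission check that CWE-362/367 concerns; no file is opened in the lines shown, so these findings look like name-match false positives and should be triaged as such.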
}
void
MacroAssemblerCompat::wasmLoadImpl(const wasm::MemoryAccessDesc& access, Register memoryBase_,
Register ptr_, Register ptrScratch_, AnyRegister outany,
Register64 out64)
{
uint32_t offset = access.offset();
MOZ_ASSERT(offset < wasm::OffsetGuardLimit);
Reported by FlawFinder.
Line: 284
Column: 23
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Register ptr_, Register ptrScratch_, AnyRegister outany,
Register64 out64)
{
uint32_t offset = access.offset();
MOZ_ASSERT(offset < wasm::OffsetGuardLimit);
MOZ_ASSERT(ptr_ == ptrScratch_);
ARMRegister memoryBase(memoryBase_, 64);
Reported by FlawFinder.
Line: 294
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (offset)
Add(ptr, ptr, Operand(offset));
asMasm().memoryBarrierBefore(access.sync());
MemOperand srcAddr(memoryBase, ptr);
size_t loadOffset = asMasm().currentOffset();
switch (access.type()) {
case Scalar::Int8:
Reported by FlawFinder.
Line: 298
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
MemOperand srcAddr(memoryBase, ptr);
size_t loadOffset = asMasm().currentOffset();
switch (access.type()) {
case Scalar::Int8:
Ldrsb(SelectGPReg(outany, out64), srcAddr);
break;
case Scalar::Uint8:
Ldrb(SelectGPReg(outany, out64), srcAddr);
Reported by FlawFinder.
Line: 337
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
case Scalar::Int16x8:
MOZ_CRASH("unexpected array type");
}
append(access, loadOffset, framePushed());
asMasm().memoryBarrierAfter(access.sync());
}
void
Reported by FlawFinder.
Line: 339
Column: 33
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
append(access, loadOffset, framePushed());
asMasm().memoryBarrierAfter(access.sync());
}
void
MacroAssemblerCompat::wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valany,
Register64 val64, Register memoryBase_, Register ptr_,
Reported by FlawFinder.
Line: 343
Column: 67
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
}
void
MacroAssemblerCompat::wasmStoreImpl(const wasm::MemoryAccessDesc& access, AnyRegister valany,
Register64 val64, Register memoryBase_, Register ptr_,
Register ptrScratch_)
{
uint32_t offset = access.offset();
MOZ_ASSERT(offset < wasm::OffsetGuardLimit);
Reported by FlawFinder.
Line: 347
Column: 23
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Register64 val64, Register memoryBase_, Register ptr_,
Register ptrScratch_)
{
uint32_t offset = access.offset();
MOZ_ASSERT(offset < wasm::OffsetGuardLimit);
MOZ_ASSERT(ptr_ == ptrScratch_);
ARMRegister memoryBase(memoryBase_, 64);
Reported by FlawFinder.
Line: 357
Column: 34
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (offset)
Add(ptr, ptr, Operand(offset));
asMasm().memoryBarrierBefore(access.sync());
MemOperand dstAddr(memoryBase, ptr);
size_t storeOffset = asMasm().currentOffset();
switch (access.type()) {
case Scalar::Int8:
Reported by FlawFinder.
Line: 361
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
MemOperand dstAddr(memoryBase, ptr);
size_t storeOffset = asMasm().currentOffset();
switch (access.type()) {
case Scalar::Int8:
case Scalar::Uint8:
Strb(SelectGPReg(valany, val64), dstAddr);
break;
case Scalar::Int16:
Reported by FlawFinder.
src/third_party/wiredtiger/test/suite/test_prepare_hs02.py
20 issues
Line: 36
Column: 1
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
Reported by Pylint.
Line: 33
Column: 1
# Prepare updates can be resolved for both commit // rollback operations.
#
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
Reported by Pylint.
Line: 36
Column: 1
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 34
Column: 1
#
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
Reported by Pylint.
Line: 36
Column: 1
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
Reported by Pylint.
Line: 36
Column: 1
from helper import copy_wiredtiger_home
import random
from suite_subprocess import suite_subprocess
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
Reported by Pylint.
Line: 39
Column: 1
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
txn_config = 'isolation=snapshot'
types = [
Reported by Pylint.
Line: 39
Column: 1
import wiredtiger, wttest
from wtscenario import make_scenarios
class test_prepare_hs02(wttest.WiredTigerTestCase, suite_subprocess):
tablename = 'test_prepare_cursor'
uri = 'table:' + tablename
txn_config = 'isolation=snapshot'
types = [
Reported by Pylint.
Line: 58
Column: 5
scenarios = make_scenarios(types, txn_end)
def test_prepare_conflict(self):
self.session.create(self.uri, self.s_config)
c = self.session.open_cursor(self.uri)
# Insert keys 1..100 each with timestamp=key, in some order
orig_keys = list(range(1, 101))
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/yacc.py
20 issues
Line: 56
Column: 17
def _yaccEmitter(target, source, env, ysuf, hsuf):
yaccflags = env.subst("$YACCFLAGS", target=target, source=source)
flags = SCons.Util.CLVar(yaccflags)
targetBase, targetExt = os.path.splitext(SCons.Util.to_String(target[0]))
if '.ym' in ysuf: # If using Objective-C
target = [targetBase + ".m"] # the extension is ".m".
Reported by Pylint.
Line: 70
Column: 15
# If -g is specified on the command line, yacc will emit a .vcg
# file with the same base name as the .y, .yacc, .ym or .yy file.
if "-g" in flags:
base, ext = os.path.splitext(SCons.Util.to_String(source[0]))
target.append(base + env.subst("$YACCVCGFILESUFFIX"))
# If -v is specified yacc will create the output debug file
# which is not really source for any process, but should
# be noted and also be cleaned
Reported by Pylint.
Line: 34
Column: 1
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
__revision__ = "src/engine/SCons/Tool/yacc.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"
import os.path
import sys
import SCons.Defaults
Reported by Pylint.
Line: 53
Column: 1
else:
BINS = ["bison", "yacc"]
def _yaccEmitter(target, source, env, ysuf, hsuf):
yaccflags = env.subst("$YACCFLAGS", target=target, source=source)
flags = SCons.Util.CLVar(yaccflags)
targetBase, targetExt = os.path.splitext(SCons.Util.to_String(target[0]))
if '.ym' in ysuf: # If using Objective-C
Reported by Pylint.
Line: 53
Column: 1
else:
BINS = ["bison", "yacc"]
def _yaccEmitter(target, source, env, ysuf, hsuf):
yaccflags = env.subst("$YACCFLAGS", target=target, source=source)
flags = SCons.Util.CLVar(yaccflags)
targetBase, targetExt = os.path.splitext(SCons.Util.to_String(target[0]))
if '.ym' in ysuf: # If using Objective-C
Reported by Pylint.
Line: 56
Column: 17
def _yaccEmitter(target, source, env, ysuf, hsuf):
yaccflags = env.subst("$YACCFLAGS", target=target, source=source)
flags = SCons.Util.CLVar(yaccflags)
targetBase, targetExt = os.path.splitext(SCons.Util.to_String(target[0]))
if '.ym' in ysuf: # If using Objective-C
target = [targetBase + ".m"] # the extension is ".m".
Reported by Pylint.
Line: 56
Column: 5
def _yaccEmitter(target, source, env, ysuf, hsuf):
yaccflags = env.subst("$YACCFLAGS", target=target, source=source)
flags = SCons.Util.CLVar(yaccflags)
targetBase, targetExt = os.path.splitext(SCons.Util.to_String(target[0]))
if '.ym' in ysuf: # If using Objective-C
target = [targetBase + ".m"] # the extension is ".m".
Reported by Pylint.
Line: 85
Column: 5
# With --defines and --graph, the name of the file is totally defined
# in the options.
fileGenOptions = ["--defines=", "--graph="]
for option in flags:
for fileGenOption in fileGenOptions:
l = len(fileGenOption)
if option[:l] == fileGenOption:
# A file generating option is present, so add the file
Reported by Pylint.
Line: 87
Column: 13
# in the options.
fileGenOptions = ["--defines=", "--graph="]
for option in flags:
for fileGenOption in fileGenOptions:
l = len(fileGenOption)
if option[:l] == fileGenOption:
# A file generating option is present, so add the file
# name to the list of targets.
fileName = option[l:].strip()
Reported by Pylint.
Line: 88
Column: 13
fileGenOptions = ["--defines=", "--graph="]
for option in flags:
for fileGenOption in fileGenOptions:
l = len(fileGenOption)
if option[:l] == fileGenOption:
# A file generating option is present, so add the file
# name to the list of targets.
fileName = option[l:].strip()
target.append(fileName)
Reported by Pylint.
src/third_party/wiredtiger/test/csuite/incr_backup/main.c
20 issues
Line: 233
CWE codes:
908
static void
active_files_init(ACTIVE_FILES *active)
{
WT_CLEAR(*active);
}
/*
* active_files_print --
* Print the set of active files for debugging.
Reported by Cppcheck.
Line: 73
Column: 13
CWE codes:
134
Suggestion:
Use a constant for the format specification
/*
 * VERBOSE --
 *     Print a message with printf when level is at or below verbose_level. fmt is forwarded to
 *     printf as the format string, so every call site should pass a string literal, never text
 *     built at run time (this is what the CWE-134 finding is about). At least one argument must
 *     follow fmt, because __VA_ARGS__ is expanded after a comma.
 */
#define VERBOSE(level, fmt, ...) \
do { \
if (level <= verbose_level) \
printf(fmt, __VA_ARGS__); \
} while (0)
/*
* We keep an array of tables, each one may or may not be in use. "In use" means it has been
* created, and will be updated from time to time.
Reported by FlawFinder.
Line: 532
Column: 20
CWE codes:
78
Suggestion:
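Try using a library call that implements the same functionality if available. In the excerpt the command is assembled with `%s` from `backup_home` and handed to `system()`, so the path is interpreted by a shell without quoting; where that value comes from is not visible here, and if it can be set from outside the program, whitespace or shell metacharacters in it would change what runs. Removing and creating the directory through file-system calls avoids the shell entirely. The same pattern recurs in the other `system(buf)` and `system(command)` findings for this file.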
testutil_check(
__wt_snprintf(buf, sizeof(buf), "rm -rf %s && mkdir %s", backup_home, backup_home));
VERBOSE(3, " => %s\n", buf);
testutil_check(system(buf));
testutil_check(conn->open_session(conn, NULL, NULL, &session));
tinfo->full_backup_number = tinfo->incr_backup_number++;
/* Half of the runs with very low granularity to stress bitmaps */
Reported by FlawFinder.
Line: 563
Column: 24
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
testutil_check(
__wt_snprintf(buf, sizeof(buf), "cp %s/%s %s/%s", home, filename, backup_home, filename));
VERBOSE(3, " => %s\n", buf);
testutil_check(system(buf));
}
testutil_assert(ret == WT_NOTFOUND);
testutil_check(cursor->close(cursor));
testutil_check(session->close(session, NULL));
active_files_sort(active);
Reported by FlawFinder.
Line: 634
Column: 28
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
testutil_check(__wt_snprintf(
buf, sizeof(buf), "cp %s/%s %s/%s", home, filename, backup_home, filename));
VERBOSE(3, " => %s\n", buf);
testutil_check(system(buf));
} else {
/*
* Here is the normal incremental backup. Now that we know what file has changed, we get
* the specific changes
*/
Reported by FlawFinder.
Line: 667
Column: 36
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
testutil_check(__wt_snprintf(
buf, sizeof(buf), "cp %s/%s %s/%s", home, filename, backup_home, filename));
VERBOSE(3, " => %s\n", buf);
testutil_check(system(buf));
}
}
testutil_assert(ret == WT_NOTFOUND);
testutil_check(file_cursor->close(file_cursor));
}
Reported by FlawFinder.
Line: 740
Column: 25
CWE codes:
120
20
Suggestion:
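Specify a limit to %s, or use a different input function. In the excerpt the format is `KEY_FORMAT`, which is defined outside the lines shown; the two destinations are `&keylow` and `&keyhigh`, which are then cast to `u_int`, suggesting integer conversions rather than `%s`, so confirm the macro's contents before treating this as a buffer overflow.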
* Reconstruct the change number from the key. See key_value() for details on how the key is
* constructed.
*/
testutil_assert(sscanf(got_key, KEY_FORMAT, &keylow, &keyhigh) == 2);
change_count = (u_int)keyhigh * 100 + (u_int)keylow;
item.data = value;
item.size = table->max_value_size;
if (op_type == INSERT || (op_type == UPDATE && change_count < boundary))
change_count += 0;
Reported by FlawFinder.
Line: 779
Column: 20
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
testutil_check(__wt_snprintf(
buf, sizeof(buf), "rm -rf %s && cp -r %s %s", backup_check, backup_home, backup_check));
testutil_check(system(buf));
testutil_check(wiredtiger_open(backup_check, NULL, CONN_CONFIG_COMMON, &conn));
testutil_check(conn->open_session(conn, NULL, NULL, &session));
for (slot = 0; slot < tinfo->table_count; slot++) {
Reported by FlawFinder.
Line: 845
Column: 19
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
testutil_check(
__wt_snprintf(command, sizeof(command), "rm -rf %s %s; mkdir %s", home, backup_dir, home));
if ((status = system(command)) < 0)
testutil_die(status, "system: %s", command);
backup_verbose = (verbose_level >= 4) ? "verbose=(backup)" : "";
/*
Reported by FlawFinder.
Line: 293
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
uint32_t curpos, prevpos;
int cmp;
char filename[1024];
active_files_print(prev, "computing removals: previous list of active files");
active_files_print(cur, "computing removals: current list of active files");
curpos = 0;
/*
Reported by FlawFinder.
src/third_party/abseil-cpp-master/abseil-cpp/absl/debugging/symbolize_test.cc
20 issues
Line: 80
// Create functions that will remain in different text sections in the
// final binary when linker option "-z,keep-text-section-prefix" is used.
int ABSL_ATTRIBUTE_SECTION_VARIABLE(.text.unlikely) unlikely_func() {
return 0;
}
int ABSL_ATTRIBUTE_SECTION_VARIABLE(.text.hot) hot_func() {
return 0;
Reported by Cppcheck.
Line: 103
Column: 36
CWE codes:
119
120
Suggestion:
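Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. The flagged line only declares a fixed-size char array; no write into it appears in the excerpt, and the surrounding comment says the variable sizes are deliberate for the test. Whether a finding of this kind matters depends on how the array is later written, which has to be checked at each use.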
// Thread-local data may confuse the symbolizer, ensure that it does not.
// Variable sizes and order are important.
#if ABSL_PER_THREAD_TLS
static ABSL_PER_THREAD_TLS_KEYWORD char symbolize_test_thread_small[1];
static ABSL_PER_THREAD_TLS_KEYWORD char
symbolize_test_thread_big[2 * 1024 * 1024];
#endif
#if !defined(__EMSCRIPTEN__)
Reported by FlawFinder.
Line: 104
Column: 36
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Variable sizes and order are important.
#if ABSL_PER_THREAD_TLS
static ABSL_PER_THREAD_TLS_KEYWORD char symbolize_test_thread_small[1];
static ABSL_PER_THREAD_TLS_KEYWORD char
symbolize_test_thread_big[2 * 1024 * 1024];
#endif
#if !defined(__EMSCRIPTEN__)
// Used below to hopefully inhibit some compiler/linker optimizations
Reported by FlawFinder.
Line: 116
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// Force the binary to be large enough that a THP .text remap will succeed.
static constexpr size_t kHpageSize = 1 << 21;
const char kHpageTextPadding[kHpageSize * 4] ABSL_ATTRIBUTE_SECTION_VARIABLE(
.text) = "";
#endif // !defined(__EMSCRIPTEN__)
static char try_symbolize_buffer[4096];
Reported by FlawFinder.
Line: 120
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
.text) = "";
#endif // !defined(__EMSCRIPTEN__)
static char try_symbolize_buffer[4096];
// A wrapper function for absl::Symbolize() to make the unit test simple. The
// limit must be < sizeof(try_symbolize_buffer). Returns null if
// absl::Symbolize() returns false, otherwise returns try_symbolize_buffer with
// the result of absl::Symbolize().
Reported by FlawFinder.
Line: 201
Column: 8
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef ABSL_INTERNAL_HAVE_DEBUGGING_STACK_CONSUMPTION
static void *g_pc_to_symbolize;
static char g_symbolize_buffer[4096];
static char *g_symbolize_result;
static void SymbolizeSignalHandler(int signo) {
if (absl::Symbolize(g_pc_to_symbolize, g_symbolize_buffer,
sizeof(g_symbolize_buffer))) {
Reported by FlawFinder.
Line: 269
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
const size_t kPageSize = 64 << 10;
// We place a read-only symbols into the .text section and verify that we can
// symbolize them and other symbols after remapping them.
const char kPadding0[kPageSize * 4] ABSL_ATTRIBUTE_SECTION_VARIABLE(.text) =
"";
const char kPadding1[kPageSize * 4] ABSL_ATTRIBUTE_SECTION_VARIABLE(.text) =
"";
static int FilterElfHeader(struct dl_phdr_info *info, size_t size, void *data) {
Reported by FlawFinder.
Line: 271
Column: 7
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
// symbolize them and other symbols after remapping them.
const char kPadding0[kPageSize * 4] ABSL_ATTRIBUTE_SECTION_VARIABLE(.text) =
"";
const char kPadding1[kPageSize * 4] ABSL_ATTRIBUTE_SECTION_VARIABLE(.text) =
"";
static int FilterElfHeader(struct dl_phdr_info *info, size_t size, void *data) {
for (int i = 0; i < info->dlpi_phnum; i++) {
if (info->dlpi_phdr[i].p_type == PT_LOAD &&
Reported by FlawFinder.
Line: 308
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
// Verify we can symbolize everything.
char buf[512];
memset(buf, 0, sizeof(buf));
absl::Symbolize(kPadding0, buf, sizeof(buf));
EXPECT_STREQ("kPadding0", buf);
memset(buf, 0, sizeof(buf));
Reported by FlawFinder.
Line: 401
Column: 31
CWE codes:
362
static int in_data_section = 1;
TEST(Symbolize, ForEachSection) {
int fd = TEMP_FAILURE_RETRY(open("/proc/self/exe", O_RDONLY));
ASSERT_NE(fd, -1);
std::vector<std::string> sections;
ASSERT_TRUE(absl::debugging_internal::ForEachSection(
fd, [&sections](const absl::string_view name, const ElfW(Shdr) &) {
Reported by FlawFinder.
buildscripts/idl/idl/binder.py
20 issues
Line: 36
Column: 1
import typing
from typing import Type, TypeVar, cast, List, Set, Union, Optional
from . import ast
from . import bson
from . import common
from . import enum_types
from . import errors
from . import syntax
Reported by Pylint.
Line: 37
Column: 1
from typing import Type, TypeVar, cast, List, Set, Union, Optional
from . import ast
from . import bson
from . import common
from . import enum_types
from . import errors
from . import syntax
Reported by Pylint.
Line: 38
Column: 1
from . import ast
from . import bson
from . import common
from . import enum_types
from . import errors
from . import syntax
Reported by Pylint.
Line: 39
Column: 1
from . import ast
from . import bson
from . import common
from . import enum_types
from . import errors
from . import syntax
def _validate_single_bson_type(ctxt, idl_type, syntax_type):
Reported by Pylint.
Line: 40
Column: 1
from . import bson
from . import common
from . import enum_types
from . import errors
from . import syntax
def _validate_single_bson_type(ctxt, idl_type, syntax_type):
# type: (errors.ParserContext, Union[syntax.Type, ast.Type], str) -> bool
Reported by Pylint.
Line: 41
Column: 1
from . import common
from . import enum_types
from . import errors
from . import syntax
def _validate_single_bson_type(ctxt, idl_type, syntax_type):
# type: (errors.ParserContext, Union[syntax.Type, ast.Type], str) -> bool
"""Validate bson serialization type is correct for a type."""
Reported by Pylint.
Line: 166
Suggestion:
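Use of assert detected (Bandit B101). Assert statements are removed when Python runs with optimization enabled (`-O`), so a check that must always run should raise an exception instead; the asserts in these excerpts check internal type invariants. See https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html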
def _validate_chain_type_properties(ctxt, idl_type, syntax_type):
# type: (errors.ParserContext, Union[syntax.Type, ast.Type], str) -> None
"""Validate a chained type has both a deserializer and serializer."""
assert len(
idl_type.bson_serialization_type) == 1 and idl_type.bson_serialization_type[0] == 'chain'
if idl_type.deserializer is None:
ctxt.add_missing_ast_required_field_error(idl_type, syntax_type, idl_type.name,
"deserializer")
Reported by Bandit.
Line: 428
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
def _bind_struct_field(ctxt, ast_field, idl_type):
# type: (errors.ParserContext, ast.Field, Union[syntax.Enum, syntax.Struct, syntax.Type]) -> None
# The signature includes Enum to match SymbolTable.resolve_field_type, but it's not allowed.
assert not isinstance(idl_type, syntax.Enum)
if isinstance(idl_type, syntax.Struct):
struct = cast(syntax.Struct, idl_type)
else:
assert isinstance(idl_type, syntax.ArrayType)
array = cast(syntax.ArrayType, idl_type)
Reported by Bandit.
Line: 432
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
if isinstance(idl_type, syntax.Struct):
struct = cast(syntax.Struct, idl_type)
else:
assert isinstance(idl_type, syntax.ArrayType)
array = cast(syntax.ArrayType, idl_type)
assert isinstance(array.element_type, syntax.Struct)
struct = cast(syntax.Struct, array.element_type)
ast_field.type = _bind_struct_type(struct)
Reported by Bandit.
Line: 434
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
else:
assert isinstance(idl_type, syntax.ArrayType)
array = cast(syntax.ArrayType, idl_type)
assert isinstance(array.element_type, syntax.Struct)
struct = cast(syntax.Struct, array.element_type)
ast_field.type = _bind_struct_type(struct)
ast_field.type.is_array = isinstance(idl_type, syntax.ArrayType)
Reported by Bandit.
src/third_party/wiredtiger/test/suite/test_backup06.py
20 issues
Line: 33
Column: 1
import shutil
import string
from wtbackup import backup_base
import wiredtiger, wttest
from wiredtiger import stat
from wtdataset import SimpleDataSet, ComplexDataSet, ComplexLSMDataSet
try:
# Windows does not getrlimit/setrlimit so we must catch the resource
# module load.
Reported by Pylint.
Line: 34
Column: 1
import string
from wtbackup import backup_base
import wiredtiger, wttest
from wiredtiger import stat
from wtdataset import SimpleDataSet, ComplexDataSet, ComplexLSMDataSet
try:
# Windows does not getrlimit/setrlimit so we must catch the resource
# module load.
import resource
Reported by Pylint.
Line: 30
Column: 1
# OTHER DEALINGS IN THE SOFTWARE.
import os
import shutil
import string
from wtbackup import backup_base
import wiredtiger, wttest
from wiredtiger import stat
from wtdataset import SimpleDataSet, ComplexDataSet, ComplexLSMDataSet
Reported by Pylint.
Line: 31
Column: 1
import os
import shutil
import string
from wtbackup import backup_base
import wiredtiger, wttest
from wiredtiger import stat
from wtdataset import SimpleDataSet, ComplexDataSet, ComplexLSMDataSet
try:
Reported by Pylint.
Line: 40
Column: 1
# Windows does not getrlimit/setrlimit so we must catch the resource
# module load.
import resource
except:
None
# test_backup06.py
# Test that opening a backup cursor does not open file handles.
class test_backup06(backup_base):
Reported by Pylint.
Line: 41
Column: 5
# module load.
import resource
except:
None
# test_backup06.py
# Test that opening a backup cursor does not open file handles.
class test_backup06(backup_base):
conn_config = 'statistics=(fast)'
Reported by Pylint.
Line: 133
Column: 43
self.session.create(schema_uri, None)
for i in self.fobjs:
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.drop(i[0], None))
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.rename(i[0], rename_uri))
for i in self.tobjs:
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.drop(i[0], None))
Reported by Pylint.
Line: 135
Column: 45
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.drop(i[0], None))
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.rename(i[0], rename_uri))
for i in self.tobjs:
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.drop(i[0], None))
self.assertRaises(wiredtiger.WiredTigerError,
lambda: self.session.rename(i[0], trename_uri))
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
Reported by Pylint.
Line: 33
Column: 1
import shutil
import string
from wtbackup import backup_base
import wiredtiger, wttest
from wiredtiger import stat
from wtdataset import SimpleDataSet, ComplexDataSet, ComplexLSMDataSet
try:
# Windows does not getrlimit/setrlimit so we must catch the resource
# module load.
Reported by Pylint.
src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/MSCommon/common.py
20 issues
Line: 68
Column: 2
try:
with open(CONFIG_CACHE, 'r') as f:
envcache = json.load(f)
#TODO can use more specific FileNotFoundError when py2 dropped
except IOError:
# don't fail if no cache file, just proceed without it
pass
return envcache
Reported by Pylint.
Line: 108
Column: 5
# ProgramW6432 and PROCESSOR_ARCHITEW6432 to non-null.
# (Checking for HKLM\Software\Wow6432Node in the registry doesn't
# work, because some 32-bit installers create it.)
global _is_win64
if _is_win64 is None:
# I structured these tests to make it easy to add new ones or
# add exceptions in the future, because this is a bit fragile.
_is_win64 = False
if os.environ.get('PROCESSOR_ARCHITECTURE', 'x86') != 'x86':
Reported by Pylint.
Line: 175
Column: 5
if sys32_wbem_dir not in normenv['PATH']:
normenv['PATH'] = normenv['PATH'] + os.pathsep + sys32_wbem_dir
debug("PATH: %s"%normenv['PATH'])
return normenv
def get_output(vcbat, args = None, env = None):
"""Parse the output of given bat file, with given args."""
Reported by Pylint.
Line: 186
Column: 3
# Create a blank environment, for use in launching the tools
env = SCons.Environment.Environment(tools=[])
# TODO: This is a hard-coded list of the variables that (may) need
# to be imported from os.environ[] for v[sc]*vars*.bat file
# execution to work. This list should really be either directly
# controlled by vc.py, or else derived from the common_tools_var
# settings in vs.py.
vs_vc_vars = [
Reported by Pylint.
Line: 209
Column: 9
env['ENV'] = normalize_env(env['ENV'], vs_vc_vars, force=False)
if args:
debug("Calling '%s %s'" % (vcbat, args))
popen = SCons.Action._subproc(env,
'"%s" %s & set' % (vcbat, args),
stdin='devnull',
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
Reported by Pylint.
Line: 210
Column: 17
if args:
debug("Calling '%s %s'" % (vcbat, args))
popen = SCons.Action._subproc(env,
'"%s" %s & set' % (vcbat, args),
stdin='devnull',
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
else:
Reported by Pylint.
Line: 216
Column: 9
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
else:
debug("Calling '%s'" % vcbat)
popen = SCons.Action._subproc(env,
'"%s" & set' % vcbat,
stdin='devnull',
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
Reported by Pylint.
Line: 217
Column: 17
stderr=subprocess.PIPE)
else:
debug("Calling '%s'" % vcbat)
popen = SCons.Action._subproc(env,
'"%s" & set' % vcbat,
stdin='devnull',
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
Reported by Pylint.
Line: 236
Column: 3
# debug('get_output():stderr:%s'%stderr)
if stderr:
# TODO: find something better to do with stderr;
# this at least prevents errors from getting swallowed.
sys.stderr.write(stderr)
if popen.wait() != 0:
raise IOError(stderr.decode("mbcs"))
Reported by Pylint.
Line: 261
Column: 5
for i in keep:
rdk[i] = re.compile('%s=(.*)' % i, re.I)
def add_env(rmatch, key, dkeep=dkeep):
path_list = rmatch.group(1).split(os.pathsep)
for path in path_list:
# Do not add empty paths (when a var ends with ;)
if path:
# XXX: For some reason, VC98 .bat file adds "" around the PATH
Reported by Pylint.