The following issues were found

src/third_party/boost/boost/random/lagged_fibonacci.hpp
12 issues
random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 37 Column: 11 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

#include <boost/random/detail/generator_seed_seq.hpp>

namespace boost {
namespace random {

/**
 * Instantiations of class template \lagged_fibonacci_engine model a
 * \pseudo_random_number_generator. It uses a lagged Fibonacci
 * algorithm with two lags @c p and @c q:

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 525 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
} // namespace random

using random::lagged_fibonacci607;
using random::lagged_fibonacci1279;
using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 526 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

} // namespace random

using random::lagged_fibonacci607;
using random::lagged_fibonacci1279;
using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 527 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

              
using random::lagged_fibonacci607;
using random::lagged_fibonacci1279;
using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 528 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci607;
using random::lagged_fibonacci1279;
using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 529 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci1279;
using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;


            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 530 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci2281;
using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;

} // namespace boost

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 531 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci3217;
using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;

} // namespace boost


            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 532 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci4423;
using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;

} // namespace boost

#endif // BOOST_RANDOM_LAGGED_FIBONACCI_HPP

            

Reported by FlawFinder.

random - This function is not sufficiently random for security-related functions such as key and nonce creation
Security

Line: 533 Column: 7 CWE codes: 327
Suggestion: Use a more secure technique for acquiring random values

using random::lagged_fibonacci9689;
using random::lagged_fibonacci19937;
using random::lagged_fibonacci23209;
using random::lagged_fibonacci44497;

} // namespace boost

#endif // BOOST_RANDOM_LAGGED_FIBONACCI_HPP

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/suite/test_txn06.py
12 issues
Unable to import 'wiredtiger'
Error

Line: 34 Column: 1

              
from suite_subprocess import suite_subprocess
from wtdataset import SimpleDataSet
import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 34 Column: 1

              
from suite_subprocess import suite_subprocess
from wtdataset import SimpleDataSet
import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'

            

Reported by Pylint.

Redefining built-in 'format'
Error

Line: 59 Column: 9

              
        # Now scan the table and copy the rows into a new table. The cursor will keep the snapshot
        # in self.session pinned while the inserts cause new IDs to be allocated.
        format = "key_format={},value_format={}".format(self.key_format, self.value_format)
        c_src = self.session.create(self.uri, format)
        c_src = self.session.open_cursor(self.source_uri)
        insert_session = self.conn.open_session()
        c = insert_session.open_cursor(self.uri)
        for k, v in c_src:

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 34 Column: 1

              
from suite_subprocess import suite_subprocess
from wtdataset import SimpleDataSet
import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'

            

Reported by Pylint.

third party import "import wiredtiger, wttest" should be placed before "from suite_subprocess import suite_subprocess"
Error

Line: 34 Column: 1

              
from suite_subprocess import suite_subprocess
from wtdataset import SimpleDataSet
import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'

            

Reported by Pylint.

Class name "test_txn06" doesn't conform to PascalCase naming style
Error

Line: 37 Column: 1

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'
    uri = 'table:' + tablename
    source_uri = 'table:' + tablename + "_src"
    nrows = 100000

            

Reported by Pylint.

Missing class docstring
Error

Line: 37 Column: 1

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn06(wttest.WiredTigerTestCase, suite_subprocess):
    conn_config = 'verbose=[transaction]'
    tablename = 'test_txn06'
    uri = 'table:' + tablename
    source_uri = 'table:' + tablename + "_src"
    nrows = 100000

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 51 Column: 5

    ]
    scenarios = make_scenarios(format_values)

    def test_long_running(self):
        # Populate a table
        ds = SimpleDataSet(self, self.source_uri, self.nrows,
            key_format=self.key_format, value_format=self.value_format)
        ds.populate()


            

Reported by Pylint.

Variable name "ds" doesn't conform to snake_case naming style
Error

Line: 53 Column: 9

              
    def test_long_running(self):
        # Populate a table
        ds = SimpleDataSet(self, self.source_uri, self.nrows,
            key_format=self.key_format, value_format=self.value_format)
        ds.populate()

        # Now scan the table and copy the rows into a new table. The cursor will keep the snapshot
        # in self.session pinned while the inserts cause new IDs to be allocated.

            

Reported by Pylint.

src/third_party/mozjs-60/extract/js/src/devtools/rootAnalysis/run-test.py
12 issues
Unable to import 'testlib'
Error

Line: 13 Column: 1

              
testdir = os.path.abspath(os.path.join(os.path.dirname(__file__), 't'))
site.addsitedir(testdir)
from testlib import Test, equal

scriptdir = os.path.abspath(os.path.dirname(__file__))

parser = argparse.ArgumentParser(description='run hazard analysis tests')
parser.add_argument(

            

Reported by Pylint.

Use of exec detected.
Security

Line: 93
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b102_exec_used.html

    testpath = os.path.join(indir, "test.py")
    testscript = open(testpath).read()
    testcode = compile(testscript, testpath, 'exec')
    exec(testcode, {'test': test, 'equal': equal})
    print("TEST-PASSED: %s" % name)

            

Reported by Bandit.

Use of exec
Error

Line: 93 Column: 5

    testpath = os.path.join(indir, "test.py")
    testscript = open(testpath).read()
    testcode = compile(testscript, testpath, 'exec')
    exec(testcode, {'test': test, 'equal': equal})
    print("TEST-PASSED: %s" % name)

            

Reported by Pylint.

Module name "run-test" doesn't conform to snake_case naming style
Error

Line: 1 Column: 1

#!/usr/bin/env python3
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import os
import site
import subprocess
import argparse

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python3
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.

import os
import site
import subprocess
import argparse

            

Reported by Pylint.

Consider possible security implications associated with subprocess module.
Security blacklist

Line: 8
Suggestion: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess

              
import os
import site
import subprocess
import argparse

testdir = os.path.abspath(os.path.join(os.path.dirname(__file__), 't'))
site.addsitedir(testdir)
from testlib import Test, equal

            

Reported by Bandit.

Import "from testlib import Test, equal" should be placed at the top of the module
Error

Line: 13 Column: 1

              
testdir = os.path.abspath(os.path.join(os.path.dirname(__file__), 't'))
site.addsitedir(testdir)
from testlib import Test, equal

scriptdir = os.path.abspath(os.path.dirname(__file__))

parser = argparse.ArgumentParser(description='run hazard analysis tests')
parser.add_argument(

            

Reported by Pylint.

Consider using sys.exit()
Error

Line: 49 Column: 5

cfg = parser.parse_args()

if not cfg.js:
    exit('Must specify JS binary through environment variable or --js option')
if not cfg.cc:
    if cfg.gccdir:
        cfg.cc = os.path.join(cfg.gccdir, "bin", "gcc")
    else:
        cfg.cc = "gcc"

            

Reported by Pylint.

subprocess call - check for execution of untrusted input.
Security injection

Line: 65
Suggestion: https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html

if not cfg.sixgill_plugin:
    cfg.sixgill_plugin = os.path.join(cfg.sixgill, "usr", "libexec", "sixgill", "gcc", "xgill.so")

subprocess.check_call([cfg.js, '-e', 'if (!getBuildConfiguration()["has-ctypes"]) quit(1)'])

def binpath(prog):
    return os.path.join(cfg.sixgill_bin, prog)

try:

            

Reported by Bandit.

Missing function or method docstring
Error

Line: 67 Column: 1

              
subprocess.check_call([cfg.js, '-e', 'if (!getBuildConfiguration()["has-ctypes"]) quit(1)'])

def binpath(prog):
    return os.path.join(cfg.sixgill_bin, prog)

try:
    os.mkdir(os.path.join('t', 'out'))
except OSError:

            

Reported by Pylint.

src/third_party/wiredtiger/test/3rdparty/python-subunit-0.0.16/python/subunit/chunked.py
12 issues
Unable to import 'testtools.compat'
Error

Line: 20 Column: 1

              
"""Encoder/decoder for http style chunked encoding."""

from testtools.compat import _b

empty = _b('')

class Decoder(object):
    """Decode chunked content to a byte stream."""

            

Reported by Pylint.

Comparing against a callable, did you omit the parenthesis?
Error

Line: 60 Column: 12

              
        :raises ValueError: If the stream is incomplete ValueError is raised.
        """
        if self.state != self._finished:
            raise ValueError("incomplete stream")

    def _finished(self):
        """Finished reading, return any remaining bytes."""
        if self.buffered_bytes:

            

Reported by Pylint.

Redefining built-in 'bytes'
Error

Line: 93 Column: 13

    def _read_length(self):
        """Try to decode a length from the bytes."""
        count_chars = []
        for bytes in self.buffered_bytes:
            for pos in range(len(bytes)):
                byte = bytes[pos:pos+1]
                if byte not in self._match_chars:
                    break
                count_chars.append(byte)

            

Reported by Pylint.

Redefining built-in 'bytes'
Error

Line: 129 Column: 21

            self.state = self._read_body
        return self.state()

    def write(self, bytes):
        """Decode bytes to the output stream.

        :raises ValueError: If the stream has already seen the end of file
            marker.
        :returns: None, or the excess bytes beyond the end of file marker.

            

Reported by Pylint.

Redefining built-in 'bytes'
Error

Line: 172 Column: 21

            self.output.write(empty.join(buffered_bytes))
        return True

    def write(self, bytes):
        """Encode bytes to the output stream."""
        bytes_len = len(bytes)
        if self.buffer_size + bytes_len >= 65536:
            self.flush(bytes_len)
            self.output.write(bytes)

            

Reported by Pylint.

Too many instance attributes (10/7)
Error

Line: 24 Column: 1

              
empty = _b('')

class Decoder(object):
    """Decode chunked content to a byte stream."""

    def __init__(self, output, strict=True):
        """Create a decoder decoding to output.


            

Reported by Pylint.

Class 'Decoder' inherits from object, can be safely removed from bases in python3
Error

Line: 24 Column: 1

              
empty = _b('')

class Decoder(object):
    """Decode chunked content to a byte stream."""

    def __init__(self, output, strict=True):
        """Create a decoder decoding to output.


            

Reported by Pylint.

Unnecessary "else" after "return"
Error

Line: 65 Column: 9

              
    def _finished(self):
        """Finished reading, return any remaining bytes."""
        if self.buffered_bytes:
            buffered_bytes = self.buffered_bytes
            self.buffered_bytes = []
            return empty.join(buffered_bytes)
        else:
            raise ValueError("stream is finished")

            

Reported by Pylint.

Either all return statements in a function should return an expression, or none of them should.
Error

Line: 90 Column: 5

                self.state = self._read_length
                return self.state()

    def _read_length(self):
        """Try to decode a length from the bytes."""
        count_chars = []
        for bytes in self.buffered_bytes:
            for pos in range(len(bytes)):
                byte = bytes[pos:pos+1]

            

Reported by Pylint.

Too many branches (15/12)
Error

Line: 90 Column: 5

                self.state = self._read_length
                return self.state()

    def _read_length(self):
        """Try to decode a length from the bytes."""
        count_chars = []
        for bytes in self.buffered_bytes:
            for pos in range(len(bytes)):
                byte = bytes[pos:pos+1]

            

Reported by Pylint.

src/third_party/mozjs-60/extract/js/src/devtools/gctrace/gcstats.cpp
12 issues
vfprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 173 Column: 5 CWE codes: 134
Suggestion: Use a constant for the format specification

{
    va_list va;
    va_start(va, format);
    vfprintf(stderr, format, va);
    fprintf(stderr, "\n");
    va_end(va);
    exit(1);
}


            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 351 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < HeapKinds; ++j)
            fprintf(file, ", %8" PRIu64, allocCountByHeapAndLifetime[j][i]);
        fprintf(file, "\n");
    }
}

static void

            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 367 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < FinalizerKinds; ++j)
            fprintf(file, ", %8" PRIu64,
                    heapObjectCountByFinalizerAndLifetime[j][i]);
        fprintf(file, "\n");
    }
}


            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 387 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < classes.size(); ++j) {
            fprintf(file, ", %8" PRIu64,
                    finalizedHeapObjectCountByClassAndLifetime[j][i]);
        }
        fprintf(file, "\n");
    }
}

            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 410 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < AllocKinds; ++j)
            fprintf(file, ", %8" PRIu64,
                    allocCountByHeapKindAndLifetime[initialHeap][j][i]);
        fprintf(file, "\n");
    }
}


            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 432 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < classes.size(); ++j)
            fprintf(file, ", %8" PRIu64,
                    objectCountByHeapClassAndLifetime[initialHeap][j][i]);
        fprintf(file, "\n");
    }
}


            

Reported by FlawFinder.

fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 467 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

    for (unsigned i = 0; i < lifetimeBins; ++i) {
        fprintf(file, "%8d", binLimit(i));
        for (unsigned j = 0; j < count; ++j)
            fprintf(file, ", %8" PRIu64,
                    objectCountByTypeHeapAndLifetime.at(topTypes[j])[initialHeap][i]);
        fprintf(file, "\n");
    }
}


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 99 Column: 16 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    const char* getName() {
        if (name)
            return name;
        static char buffer[32];
        sprintf(buffer, "type %ld", id);
        return buffer;
    }
};


            

Reported by FlawFinder.

sprintf - Does not check for buffer overflows
Security

Line: 100 Column: 9 CWE codes: 120
Suggestion: Use sprintf_s, snprintf, or vsnprintf

        if (name)
            return name;
        static char buffer[32];
        sprintf(buffer, "type %ld", id);
        return buffer;
    }
};

typedef std::unordered_map<address, AllocInfo> AllocMap;

            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 724 Column: 12 CWE codes: 362

processTraceFile(const char* filename)
{
    FILE* file;
    file = fopen(filename, "r");
    if (!file)
        die("Can't read file: %s", filename);

    // Get a conservative estimate of the total number of allocations so we can
    // allocate buffers in advance.

            

Reported by FlawFinder.

src/third_party/boost/boost/iostreams/read.hpp
12 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 47 Column: 1 CWE codes: 120 20

              
template<typename T>
inline std::streamsize
read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
{ return detail::read_device_impl<T>::read(detail::unwrap(t), s, n); }

template<typename T, typename Source>
std::streamsize
read(T& t, Source& src, typename char_type_of<T>::type* s, std::streamsize n)

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 48 Column: 39 CWE codes: 120 20

template<typename T>
inline std::streamsize
read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
{ return detail::read_device_impl<T>::read(detail::unwrap(t), s, n); }

template<typename T, typename Source>
std::streamsize
read(T& t, Source& src, typename char_type_of<T>::type* s, std::streamsize n)
{ return detail::read_filter_impl<T>::read(detail::unwrap(t), src, s, n); }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 52 Column: 1 CWE codes: 120 20

              
template<typename T, typename Source>
std::streamsize
read(T& t, Source& src, typename char_type_of<T>::type* s, std::streamsize n)
{ return detail::read_filter_impl<T>::read(detail::unwrap(t), src, s, n); }

template<typename T>
bool putback(T& t, typename char_type_of<T>::type c)
{ return detail::read_device_impl<T>::putback(detail::unwrap(t), c); }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 53 Column: 39 CWE codes: 120 20

template<typename T, typename Source>
std::streamsize
read(T& t, Source& src, typename char_type_of<T>::type* s, std::streamsize n)
{ return detail::read_filter_impl<T>::read(detail::unwrap(t), src, s, n); }

template<typename T>
bool putback(T& t, typename char_type_of<T>::type c)
{ return detail::read_device_impl<T>::putback(detail::unwrap(t), c); }


            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 113 Column: 5 CWE codes: 120 20

              
    template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    { return check_eof(t.rdbuf()->sgetn(s, n)); }

    template<typename T>
    static bool putback(T& t, typename char_type_of<T>::type c)
    {

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 143 Column: 5 CWE codes: 120 20

              
    template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    {
        std::streamsize amt;
        return (amt = t.sgetn(s, n)) != 0 ?
            amt :
            detail::true_eof(t) ?

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 172 Column: 25 CWE codes: 120 20

        typedef iostreams::char_traits<char_type>  traits_type;
        char_type c;
        std::streamsize amt;
        return (amt = t.read(&c, 1)) == 1 ?
            traits_type::to_int_type(c) :
            amt == -1 ?
                traits_type::eof() :
                traits_type::would_block();
    }

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 181 Column: 5 CWE codes: 120 20

              
    template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    { return t.read(s, n); }

    template<typename T>
    static bool putback(T& t, typename char_type_of<T>::type c)
    {   // T must be Peekable.

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 182 Column: 16 CWE codes: 120 20

    template<typename T>
    static std::streamsize
    read(T& t, typename char_type_of<T>::type* s, std::streamsize n)
    { return t.read(s, n); }

    template<typename T>
    static bool putback(T& t, typename char_type_of<T>::type c)
    {   // T must be Peekable.
        return t.putback(c);

            

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 210 Column: 28 CWE codes: 120 20

template<>
struct read_filter_impl<multichar_tag> {
    template<typename T, typename Source>
    static std::streamsize read
       (T& t, Source& src, typename char_type_of<T>::type* s, std::streamsize n)
    { return t.read(src, s, n); }
};

template<>

            

Reported by FlawFinder.

src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Scanner/Dir.py
12 issues
Access to a protected member _my_normcase of a client class
Error

Line: 67 Column: 16

              
for skip in skip_entry_list:
    skip_entry[skip] = 1
    skip_entry[SCons.Node.FS._my_normcase(skip)] = 1

do_not_scan = lambda k: k not in skip_entry

def scan_on_disk(node, env, path=()):
    """

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 90 Column: 26

        e('./' + f)
    return scan_in_memory(node, env, path)

def scan_in_memory(node, env, path=()):
    """
    "Scans" a Node.FS.Dir for its in-memory entries.
    """
    try:
        entries = node.entries

            

Reported by Pylint.

Unused argument 'path'
Error

Line: 90 Column: 31

        e('./' + f)
    return scan_in_memory(node, env, path)

def scan_in_memory(node, env, path=()):
    """
    "Scans" a Node.FS.Dir for its in-memory entries.
    """
    try:
        entries = node.entries

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to

            

Reported by Pylint.

Module name "Dir" doesn't conform to snake_case naming style
Error

Line: 1 Column: 1

#
# Copyright (c) 2001 - 2019 The SCons Foundation
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to

            

Reported by Pylint.

Line too long (117/100)
Error

Line: 23 Column: 1

# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

__revision__ = "src/engine/SCons/Scanner/Dir.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"

import SCons.Node.FS
import SCons.Scanner

def only_dirs(nodes):

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 28 Column: 1

import SCons.Node.FS
import SCons.Scanner

def only_dirs(nodes):
    is_Dir = lambda n: isinstance(n.disambiguate(), SCons.Node.FS.Dir)
    return [node for node in nodes if is_Dir(node)]

def DirScanner(**kw):
    """Return a prototype Scanner instance for scanning

            

Reported by Pylint.

Variable name "is_Dir" doesn't conform to snake_case naming style
Error

Line: 29 Column: 5

import SCons.Scanner

def only_dirs(nodes):
    is_Dir = lambda n: isinstance(n.disambiguate(), SCons.Node.FS.Dir)
    return [node for node in nodes if is_Dir(node)]

def DirScanner(**kw):
    """Return a prototype Scanner instance for scanning
    directories for on-disk files"""

            

Reported by Pylint.

Function name "DirScanner" doesn't conform to snake_case naming style
Error

Line: 32 Column: 1

    is_Dir = lambda n: isinstance(n.disambiguate(), SCons.Node.FS.Dir)
    return [node for node in nodes if is_Dir(node)]

def DirScanner(**kw):
    """Return a prototype Scanner instance for scanning
    directories for on-disk files"""
    kw['node_factory'] = SCons.Node.FS.Entry
    kw['recursive'] = only_dirs
    return SCons.Scanner.Base(scan_on_disk, "DirScanner", **kw)

            

Reported by Pylint.

Function name "DirEntryScanner" doesn't conform to snake_case naming style
Error

Line: 39 Column: 1

    kw['recursive'] = only_dirs
    return SCons.Scanner.Base(scan_on_disk, "DirScanner", **kw)

def DirEntryScanner(**kw):
    """Return a prototype Scanner instance for "scanning"
    directory Nodes for their in-memory entries"""
    kw['node_factory'] = SCons.Node.FS.Entry
    kw['recursive'] = None
    return SCons.Scanner.Base(scan_in_memory, "DirEntryScanner", **kw)

            

Reported by Pylint.

src/third_party/wiredtiger/test/suite/test_bug023.py
12 issues
Unable to import 'wiredtiger'
Error

Line: 33 Column: 1

from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest

# test_bug023.py
#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open
# then leaves the database in an incorrect state so that the next wiredtiger_open
# without an error loses data.

            

Reported by Pylint.

Unused copy_wiredtiger_home imported from helper
Error

Line: 29 Column: 1

# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.

from helper import copy_wiredtiger_home
from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest


            

Reported by Pylint.

Redefining built-in 'dir'
Error

Line: 49 Column: 32

    nentries = 10
    uri = 'file:bug023.wt'

    def take_full_backup(self, dir):
        # Open up the backup cursor, and copy the files.  Do a full backup.
        cursor = self.session.open_cursor('backup:', None, None)
        self.pr('Full backup to ' + dir + ': ')
        os.mkdir(dir)
        while True:

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

standard import "import os" should be placed before "from helper import copy_wiredtiger_home"
Error

Line: 31 Column: 1

              
from helper import copy_wiredtiger_home
from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest

# test_bug023.py
#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open

            

Reported by Pylint.

standard import "import shutil" should be placed before "from helper import copy_wiredtiger_home"
Error

Line: 32 Column: 1

from helper import copy_wiredtiger_home
from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest

# test_bug023.py
#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open
# then leaves the database in an incorrect state so that the next wiredtiger_open

            

Reported by Pylint.

third party import "import wiredtiger, wttest" should be placed before "from helper import copy_wiredtiger_home"
Error

Line: 33 Column: 1

from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest

# test_bug023.py
#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open
# then leaves the database in an incorrect state so that the next wiredtiger_open
# without an error loses data.

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 33 Column: 1

from suite_subprocess import suite_subprocess
import os
import shutil
import wiredtiger, wttest

# test_bug023.py
#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open
# then leaves the database in an incorrect state so that the next wiredtiger_open
# without an error loses data.

            

Reported by Pylint.

Class name "test_bug023" doesn't conform to PascalCase naming style
Error

Line: 39 Column: 1

#   JIRA WT-5930: starting up a backup database with an error in wiredtiger_open
# then leaves the database in an incorrect state so that the next wiredtiger_open
# without an error loses data.
class test_bug023(wttest.WiredTigerTestCase, suite_subprocess):
    '''Test backup, compatibility levels and an error opening the backup'''

    conn_config = 'config_base=false,log=(enabled),compatibility=(release=3.2.0)'
    conn_config_32_min = 'config_base=false,log=(enabled),compatibility=(require_min=3.2.0)'
    conn_config_33_err = 'config_base=false,log=(enabled),compatibility=(require_min=3.3.0)'

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 49 Column: 5

    nentries = 10
    uri = 'file:bug023.wt'

    def take_full_backup(self, dir):
        # Open up the backup cursor, and copy the files.  Do a full backup.
        cursor = self.session.open_cursor('backup:', None, None)
        self.pr('Full backup to ' + dir + ': ')
        os.mkdir(dir)
        while True:

            

Reported by Pylint.

src/third_party/wiredtiger/test/suite/test_txn03.py
12 issues
Unable to import 'wiredtiger'
Error

Line: 33 Column: 1

#   Transactions: using multiple cursor and session handles
#

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn03(wttest.WiredTigerTestCase):
    tablename = 'test_txn03'
    uri1 = 'table:' + tablename + "_1"

            

Reported by Pylint.

Unused import wiredtiger
Error

Line: 33 Column: 1

#   Transactions: using multiple cursor and session handles
#

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn03(wttest.WiredTigerTestCase):
    tablename = 'test_txn03'
    uri1 = 'table:' + tablename + "_1"

            

Reported by Pylint.

Attribute 'session2' defined outside __init__
Error

Line: 75 Column: 9

        c.close()

        # Open another session and some transactional cursors.
        self.session2 = self.conn.open_session()
        self.session2.begin_transaction("isolation=snapshot")
        t1c = self.session2.open_cursor(self.uri1, None, 'overwrite')
        t2c = self.session2.open_cursor(self.uri2, None, 'overwrite')

        # Make an update in the first session.

            

Reported by Pylint.

Missing module docstring
Error

Line: 1 Column: 1

#!/usr/bin/env python
#
# Public Domain 2014-present MongoDB, Inc.
# Public Domain 2008-2014 WiredTiger, Inc.
#
# This is free and unencumbered software released into the public domain.
#
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled

            

Reported by Pylint.

Multiple imports on one line (wiredtiger, wttest)
Error

Line: 33 Column: 1

#   Transactions: using multiple cursor and session handles
#

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn03(wttest.WiredTigerTestCase):
    tablename = 'test_txn03'
    uri1 = 'table:' + tablename + "_1"

            

Reported by Pylint.

Class name "test_txn03" doesn't conform to PascalCase naming style
Error

Line: 36 Column: 1

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn03(wttest.WiredTigerTestCase):
    tablename = 'test_txn03'
    uri1 = 'table:' + tablename + "_1"
    uri2 = 'table:' + tablename + "_2"
    key = "TEST_KEY1"
    data1 = "VAL"

            

Reported by Pylint.

Missing class docstring
Error

Line: 36 Column: 1

import wiredtiger, wttest
from wtscenario import make_scenarios

class test_txn03(wttest.WiredTigerTestCase):
    tablename = 'test_txn03'
    uri1 = 'table:' + tablename + "_1"
    uri2 = 'table:' + tablename + "_2"
    key = "TEST_KEY1"
    data1 = "VAL"

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 54 Column: 5

                key = 123, data1 = 0x17, data2 = 0xaa)),
    ])

    def test_ops(self):
        self.session.create(self.uri1, self.create_params)
        self.session.create(self.uri2, self.create_params)
        # Set up the table with entries for 1 and 10
        # We use the overwrite config so insert can update as needed.
        c = self.session.open_cursor(self.uri1, None, 'overwrite')

            

Reported by Pylint.

Variable name "c" doesn't conform to snake_case naming style
Error

Line: 59 Column: 9

        self.session.create(self.uri2, self.create_params)
        # Set up the table with entries for 1 and 10
        # We use the overwrite config so insert can update as needed.
        c = self.session.open_cursor(self.uri1, None, 'overwrite')
        c[self.key] = self.data1
        c.close()
        c = self.session.open_cursor(self.uri2, None, 'overwrite')
        c[self.key] = self.data1
        c.close()

            

Reported by Pylint.

Variable name "c" doesn't conform to snake_case naming style
Error

Line: 62 Column: 9

        c = self.session.open_cursor(self.uri1, None, 'overwrite')
        c[self.key] = self.data1
        c.close()
        c = self.session.open_cursor(self.uri2, None, 'overwrite')
        c[self.key] = self.data1
        c.close()

        # Update the first table - this update should be visible in the
        # new session.

            

Reported by Pylint.

src/third_party/mozjs-60/extract/js/src/builtin/Profilers.cpp
12 issues
There is an unknown macro here somewhere. Configuration is required. If JS_PUBLIC_API is a macro then please configure it.
Error

Line: 54

}
#endif

JS_PUBLIC_API(const char*)
JS_UnsafeGetLastProfilingError()
{
    return gLastError;
}


            

Reported by Cppcheck.

strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 524 Column: 9 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

        UniqueChars flags2((char*)js_malloc(strlen(flags) + 1));
        if (!flags2)
            return false;
        strcpy(flags2.get(), flags);

        // Split |flags2| on spaces.
        char* toksave;
        char* tok = strtok_r(flags2.get(), " ", &toksave);
        while (tok) {

            

Reported by FlawFinder.

execvp - This causes a new program to execute and is difficult to use safely
Security

Line: 538 Column: 9 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

        if (!args.append((char*) nullptr))
            return false;

        execvp("perf", const_cast<char**>(args.begin()));

        /* Reached only if execlp fails. */
        fprintf(stderr, "Unable to start perf.\n");
        exit(1);
    }

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 485 Column: 10 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

    }

    // Bail if MOZ_PROFILE_WITH_PERF is empty or undefined.
    if (!getenv("MOZ_PROFILE_WITH_PERF") ||
        !strlen(getenv("MOZ_PROFILE_WITH_PERF"))) {
        return true;
    }

    /*

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 486 Column: 17 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

              
    // Bail if MOZ_PROFILE_WITH_PERF is empty or undefined.
    if (!getenv("MOZ_PROFILE_WITH_PERF") ||
        !strlen(getenv("MOZ_PROFILE_WITH_PERF"))) {
        return true;
    }

    /*
     * Delete mozperf.data the first time through -- we're going to append to it

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 516 Column: 29 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

        if (!args.append(defaultArgs, ArrayLength(defaultArgs)))
            return false;

        const char* flags = getenv("MOZ_PROFILE_PERF_FLAGS");
        if (!flags) {
            flags = "--call-graph";
        }

        UniqueChars flags2((char*)js_malloc(strlen(flags) + 1));

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 40 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
/* Thread-unsafe error management */

static char gLastError[2000];

#if defined(__APPLE__) || defined(__linux__) || defined(MOZ_CALLGRIND)
static void
MOZ_FORMAT_PRINTF(1, 2)
UnsafeError(const char* format, ...)

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 497 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    if (!perfInitialized) {
        perfInitialized = true;
        unlink(outfile);
        char cwd[4096];
        printf("Writing perf profiling data to %s/%s\n",
               getcwd(cwd, sizeof(cwd)), outfile);
    }

    pid_t mainPid = getpid();

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 508 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    if (childPid == 0) {
        /* perf record --pid $mainPID --output=$outfile $MOZ_PROFILE_PERF_FLAGS */

        char mainPidStr[16];
        SprintfLiteral(mainPidStr, "%d", mainPid);
        const char* defaultArgs[] = {"perf", "record", "--pid", mainPidStr, "--output", outfile};

        Vector<const char*, 0, SystemAllocPolicy> args;
        if (!args.append(defaultArgs, ArrayLength(defaultArgs)))

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 486 Column: 10 CWE codes: 126

              
    // Bail if MOZ_PROFILE_WITH_PERF is empty or undefined.
    if (!getenv("MOZ_PROFILE_WITH_PERF") ||
        !strlen(getenv("MOZ_PROFILE_WITH_PERF"))) {
        return true;
    }

    /*
     * Delete mozperf.data the first time through -- we're going to append to it

            

Reported by FlawFinder.