The following issues were found

src/third_party/abseil-cpp-master/abseil-cpp/absl/time/internal/cctz/src/tzfile.h
9 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 45 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              #define TZ_MAGIC "TZif"

struct tzhead {
  char tzh_magic[4];      /* TZ_MAGIC */
  char tzh_version[1];    /* '\0' or '2' or '3' as of 2013 */
  char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 46 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
struct tzhead {
  char tzh_magic[4];      /* TZ_MAGIC */
  char tzh_version[1];    /* '\0' or '2' or '3' as of 2013 */
  char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 47 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              struct tzhead {
  char tzh_magic[4];      /* TZ_MAGIC */
  char tzh_version[1];    /* '\0' or '2' or '3' as of 2013 */
  char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 48 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_magic[4];      /* TZ_MAGIC */
  char tzh_version[1];    /* '\0' or '2' or '3' as of 2013 */
  char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 49 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_version[1];    /* '\0' or '2' or '3' as of 2013 */
  char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */
};

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 50 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_reserved[15];  /* reserved; must be zero */
  char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */
};


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 51 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_ttisutcnt[4];  /* coded number of trans. time flags */
  char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */
};

/*

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 52 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_ttisstdcnt[4]; /* coded number of trans. time flags */
  char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */
};

/*
** . . .followed by. . .

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 53 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                char tzh_leapcnt[4];    /* coded number of leap seconds */
  char tzh_timecnt[4];    /* coded number of transition times */
  char tzh_typecnt[4];    /* coded number of local time types */
  char tzh_charcnt[4];    /* coded number of abbr. chars */
};

/*
** . . .followed by. . .
**

            

Reported by FlawFinder.

src/third_party/wiredtiger/test/3rdparty/testtools-0.9.34/setup.py
9 issues
Module 'email' has no 'MessageError' member
Error

Line: 33 Column: 12

                      return None
    try:
        pkg_info = email.message_from_file(pkg_info_file)
    except email.MessageError:
        return None
    return pkg_info.get('Version', None)


def get_version():

            

Reported by Pylint.

standard import "from distutils.command.build_py import build_py" should be placed before "from setuptools import setup"
Error

Line: 5 Column: 1

              """Distutils installer for testtools."""

from setuptools import setup
from distutils.command.build_py import build_py
import email
import os
import sys

import testtools

            

Reported by Pylint.

standard import "import email" should be placed before "from setuptools import setup"
Error

Line: 6 Column: 1

              
from setuptools import setup
from distutils.command.build_py import build_py
import email
import os
import sys

import testtools
cmd_class = {}

            

Reported by Pylint.

standard import "import os" should be placed before "from setuptools import setup"
Error

Line: 7 Column: 1

              from setuptools import setup
from distutils.command.build_py import build_py
import email
import os
import sys

import testtools
cmd_class = {}
if getattr(testtools, 'TestCommand', None) is not None:

            

Reported by Pylint.

standard import "import sys" should be placed before "from setuptools import setup"
Error

Line: 8 Column: 1

              from distutils.command.build_py import build_py
import email
import os
import sys

import testtools
cmd_class = {}
if getattr(testtools, 'TestCommand', None) is not None:
    cmd_class['test'] = testtools.TestCommand

            

Reported by Pylint.

Missing class docstring
Error

Line: 16 Column: 1

                  cmd_class['test'] = testtools.TestCommand


class testtools_build_py(build_py):
    def build_module(self, module, module_file, package):
        if sys.version_info >= (3,) and module == '_compat2x':
            return
        return build_py.build_module(self, module, module_file, package)
cmd_class['build_py'] = testtools_build_py

            

Reported by Pylint.

Class name "testtools_build_py" doesn't conform to PascalCase naming style
Error

Line: 16 Column: 1

                  cmd_class['test'] = testtools.TestCommand


class testtools_build_py(build_py):
    def build_module(self, module, module_file, package):
        if sys.version_info >= (3,) and module == '_compat2x':
            return
        return build_py.build_module(self, module, module_file, package)
cmd_class['build_py'] = testtools_build_py

            

Reported by Pylint.

Either all return statements in a function should return an expression, or none of them should.
Error

Line: 17 Column: 5

              

class testtools_build_py(build_py):
    def build_module(self, module, module_file, package):
        if sys.version_info >= (3,) and module == '_compat2x':
            return
        return build_py.build_module(self, module, module_file, package)
cmd_class['build_py'] = testtools_build_py


            

Reported by Pylint.

Missing function or method docstring
Error

Line: 54 Column: 1

                  return "snapshot-%s" % (version,)


def get_long_description():
    manual_path = os.path.join(
        os.path.dirname(__file__), 'doc/overview.rst')
    return open(manual_path).read()



            

Reported by Pylint.

src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/internal/str_format/float_conversion.cc
9 issues
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 961 Column: 13 CWE codes: 134
Suggestion: Use a constant for the format specification

                std::string space(512, '\0');
  absl::string_view result;
  while (true) {
    int n = snprintf(&space[0], space.size(), fmt, w, p, v);
    if (n < 0) return false;
    if (static_cast<size_t>(n) < space.size()) {
      result = absl::string_view(space.data(), n);
      break;
    }

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 233 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                int decimal_start_;
  int decimal_end_;

  char digits_[kDigitsPerChunk];
  int size_ = 0;

  absl::Span<uint32_t> data_;
};


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 516 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                static constexpr size_t integral_size =
      /* in case we need to round up an extra digit */ 1 +
      /* decimal digits for uint128 */ 40 + 1;
  char buffer[integral_size + /* . */ 1 + /* max digits uint128 */ 128];
  buffer[integral_size] = '.';
  char *const integral_digits_end = buffer + integral_size;
  char *integral_digits_start;
  char *const fractional_digits_start = buffer + integral_size + 1;
  char *fractional_digits_end = fractional_digits_start;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 884 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                    + std::numeric_limits<MaxFloatType>::digits / 4  // number of hex digits
      + 1                                              // round up
      + 1;                                             // "." (dot)
  char digits_buffer[kBufSizeForHexFloatRepr];
  char *digits_iter = digits_buffer;
  const char *const digits =
      static_cast<const char *>("0123456789ABCDEF0123456789abcdef") +
      (uppercase ? 0 : 16);


            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 922 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                    numbers_internal::kFastToBufferSize  // requred for FastIntToBuffer
      + 1                                  // 'p' or 'P'
      + 1;                                 // '+' or '-'
  char exp_buffer[kBufSizeForExpDecRepr];
  exp_buffer[0] = uppercase ? 'P' : 'p';
  exp_buffer[1] = exp >= 0 ? '+' : '-';
  numbers_internal::FastIntToBuffer(exp < 0 ? -exp : exp, exp_buffer + 2);

  // ============ Assemble Result ==============

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 936 Column: 8 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

              }

char *CopyStringTo(absl::string_view v, char *out) {
  std::memcpy(out, v.data(), v.size());
  return out + v.size();
}

template <typename Float>
bool FallbackToSnprintf(const Float v, const FormatConversionSpecImpl &conv,

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 945 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                                      FormatSinkImpl *sink) {
  int w = conv.width() >= 0 ? conv.width() : 0;
  int p = conv.precision() >= 0 ? conv.precision() : -1;
  char fmt[32];
  {
    char *fp = fmt;
    *fp++ = '%';
    fp = CopyStringTo(FormatConversionSpecImplFriend::FlagsToString(conv), fp);
    fp = CopyStringTo("*.*", fp);

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1006 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
  int size() const { return static_cast<int>(end - begin); }

  char data[kBufferLength];
  char *begin;
  char *end;
};

enum class FormatStyle { Fixed, Precision };

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 1019 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              bool ConvertNonNumericFloats(char sign_char, Float v,
                             const FormatConversionSpecImpl &conv,
                             FormatSinkImpl *sink) {
  char text[4], *ptr = text;
  if (sign_char != '\0') *ptr++ = sign_char;
  if (std::isnan(v)) {
    ptr = std::copy_n(
        FormatConversionCharIsUpper(conv.conversion_char()) ? "NAN" : "nan", 3,
        ptr);

            

Reported by FlawFinder.

src/third_party/mozjs-60/extract/js/src/jit/arm64/vixl/Debugger-vixl.cpp
9 issues
fprintf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 233 Column: 5 CWE codes: 134
Suggestion: Use a constant for the format specification

                virtual void PrintData(void* data, FILE* out = stdout) const override {
    T value;
    memcpy(&value, data, sizeof(value));
    fprintf(out, fmt_, value);
  }
  virtual void Print(FILE* out = stdout) const override;

 private:
  const char* fmt_;

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 729 Column: 7 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                  PrintInstructions(pc());
    bool done = false;
    while (!done) {
      char buffer[kMaxDebugShellLine];
      char* line = ReadCommandLine("vixl> ", buffer, kMaxDebugShellLine);

      if (line == NULL) continue;  // An error occurred.

      DebugCommand* command = DebugCommand::Parse(line);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 138 Column: 19 CWE codes: 126

              class IdentifierToken : public ValueToken<char*> {
 public:
  explicit IdentifierToken(const char* name) {
    size_t size = strlen(name) + 1;
    value_ = (char*)js_malloc(size);
    strncpy(value_, name, size);
  }
  virtual ~IdentifierToken() { js_free(value_); }


            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 140 Column: 5 CWE codes: 120

                explicit IdentifierToken(const char* name) {
    size_t size = strlen(name) + 1;
    value_ = (char*)js_malloc(size);
    strncpy(value_, name, size);
  }
  virtual ~IdentifierToken() { js_free(value_); }

  virtual bool IsIdentifier() const override { return true; }
  virtual bool CanAddressMemory() const override { return strcmp(value(), "pc") == 0; }

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 246 Column: 19 CWE codes: 126

              class UnknownToken : public Token {
 public:
  explicit UnknownToken(const char* arg) {
    size_t size = strlen(arg) + 1;
    unknown_ = (char*)js_malloc(size);
    strncpy(unknown_, arg, size);
  }
  virtual ~UnknownToken() { js_free(unknown_); }
  virtual uint8_t* ToAddress(Debugger* debugger) const override {

            

Reported by FlawFinder.

strncpy - Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned]
Security

Line: 248 Column: 5 CWE codes: 120

                explicit UnknownToken(const char* arg) {
    size_t size = strlen(arg) + 1;
    unknown_ = (char*)js_malloc(size);
    strncpy(unknown_, arg, size);
  }
  virtual ~UnknownToken() { js_free(unknown_); }
  virtual uint8_t* ToAddress(Debugger* debugger) const override {
    USE(debugger);
    VIXL_ABORT();

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 905 Column: 7 CWE codes: 126

              

Token* FPRegisterToken::Tokenize(const char* arg) {
  if (strlen(arg) < 2) {
    return NULL;
  }

  switch (*arg) {
    case 's':

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 983 Column: 8 CWE codes: 126

              

Token* AddressToken::Tokenize(const char* arg) {
  if ((strlen(arg) < 3) || (arg[0] != '0') || (arg[1] != 'x')) {
    return NULL;
  }

  uint64_t ptr = 0;
  if (!StringToUInt64(&ptr, arg, 16)) {

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 1013 Column: 19 CWE codes: 126

              

Token* FormatToken::Tokenize(const char* arg) {
  size_t length = strlen(arg);
  switch (arg[0]) {
    case 'x':
    case 's':
    case 'u':
    case 'f':

            

Reported by FlawFinder.

src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/sunlink.py
9 issues
Attempted relative import beyond top-level package
Error

Line: 40 Column: 1

              
import SCons.Util

from . import link

ccLinker = None

# search for the acc compiler and linker front end


            

Reported by Pylint.

Access to a protected member _setup_versioned_lib_variables of a client class
Error

Line: 70 Column: 5

                  env['_RPATH'] = '${_concat(RPATHPREFIX, RPATH, RPATHSUFFIX, __env__)}'

    # Support for versioned libraries
    link._setup_versioned_lib_variables(env, tool = 'sunlink', use_soname = True) 
    env['LINKCALLBACKS'] = link._versioned_lib_callbacks()

def exists(env):
    return ccLinker


            

Reported by Pylint.

Access to a protected member _versioned_lib_callbacks of a client class
Error

Line: 71 Column: 28

              
    # Support for versioned libraries
    link._setup_versioned_lib_variables(env, tool = 'sunlink', use_soname = True) 
    env['LINKCALLBACKS'] = link._versioned_lib_callbacks()

def exists(env):
    return ccLinker

# Local Variables:

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 73 Column: 12

                  link._setup_versioned_lib_variables(env, tool = 'sunlink', use_soname = True) 
    env['LINKCALLBACKS'] = link._versioned_lib_callbacks()

def exists(env):
    return ccLinker

# Local Variables:
# tab-width:4
# indent-tabs-mode:nil

            

Reported by Pylint.

Line too long (118/100)
Error

Line: 33 Column: 1

              # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

__revision__ = "src/engine/SCons/Tool/sunlink.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"

import os
import os.path

import SCons.Util

            

Reported by Pylint.

Constant name "ccLinker" doesn't conform to UPPER_CASE naming style
Error

Line: 42 Column: 1

              
from . import link

ccLinker = None

# search for the acc compiler and linker front end

try:
    dirs = os.listdir('/opt')

            

Reported by Pylint.

Trailing whitespace
Error

Line: 62 Column: 1

              def generate(env):
    """Add Builders and construction variables for Forte to an Environment."""
    link.generate(env)
    
    env['SHLINKFLAGS'] = SCons.Util.CLVar('$LINKFLAGS -G')

    env['RPATHPREFIX'] = '-R'
    env['RPATHSUFFIX'] = ''
    env['_RPATH'] = '${_concat(RPATHPREFIX, RPATH, RPATHSUFFIX, __env__)}'

            

Reported by Pylint.

Trailing whitespace
Error

Line: 70 Column: 82

                  env['_RPATH'] = '${_concat(RPATHPREFIX, RPATH, RPATHSUFFIX, __env__)}'

    # Support for versioned libraries
    link._setup_versioned_lib_variables(env, tool = 'sunlink', use_soname = True) 
    env['LINKCALLBACKS'] = link._versioned_lib_callbacks()

def exists(env):
    return ccLinker


            

Reported by Pylint.

Missing function or method docstring
Error

Line: 73 Column: 1

                  link._setup_versioned_lib_variables(env, tool = 'sunlink', use_soname = True) 
    env['LINKCALLBACKS'] = link._versioned_lib_callbacks()

def exists(env):
    return ccLinker

# Local Variables:
# tab-width:4
# indent-tabs-mode:nil

            

Reported by Pylint.

src/third_party/abseil-cpp-master/abseil-cpp/absl/strings/cord.h
9 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 747 Column: 7 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    // to 15 bytes does not cause a memory allocation.
      absl::strings_internal::STLStringResizeUninitialized(dst,
                                                           sizeof(data_) - 1);
      memcpy(&(*dst)[0], &data_, sizeof(data_) - 1);
      // erase is faster than resize because the logic for memory allocation is
      // not needed.
      dst->erase(inline_size());
    }


            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 866 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  assert(n <= 16);
    uint64_t buf1;
    uint64_t buf2;
    memcpy(&buf1, src, 8);
    memcpy(&buf2, src + n - 8, 8);
    if (nullify_tail) {
      memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 8);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 867 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  uint64_t buf1;
    uint64_t buf2;
    memcpy(&buf1, src, 8);
    memcpy(&buf2, src + n - 8, 8);
    if (nullify_tail) {
      memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 8);
    memcpy(dst + n - 8, &buf2, 8);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 871 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  if (nullify_tail) {
      memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 8);
    memcpy(dst + n - 8, &buf2, 8);
  } else if (n >= 4) {
    uint32_t buf1;
    uint32_t buf2;
    memcpy(&buf1, src, 4);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 872 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 8);
    memcpy(dst + n - 8, &buf2, 8);
  } else if (n >= 4) {
    uint32_t buf1;
    uint32_t buf2;
    memcpy(&buf1, src, 4);
    memcpy(&buf2, src + n - 4, 4);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 876 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                } else if (n >= 4) {
    uint32_t buf1;
    uint32_t buf2;
    memcpy(&buf1, src, 4);
    memcpy(&buf2, src + n - 4, 4);
    if (nullify_tail) {
      memset(dst + 4, 0, 4);
      memset(dst + 8, 0, 8);
    }

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 877 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                  uint32_t buf1;
    uint32_t buf2;
    memcpy(&buf1, src, 4);
    memcpy(&buf2, src + n - 4, 4);
    if (nullify_tail) {
      memset(dst + 4, 0, 4);
      memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 4);

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 882 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    memset(dst + 4, 0, 4);
      memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 4);
    memcpy(dst + n - 4, &buf2, 4);
  } else {
    if (n != 0) {
      dst[0] = src[0];
      dst[n / 2] = src[n / 2];

            

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 883 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                    memset(dst + 8, 0, 8);
    }
    memcpy(dst, &buf1, 4);
    memcpy(dst + n - 4, &buf2, 4);
  } else {
    if (n != 0) {
      dst[0] = src[0];
      dst[n / 2] = src[n / 2];
      dst[n - 1] = src[n - 1];

            

Reported by FlawFinder.

src/third_party/scons-3.1.2/scons-local-3.1.2/SCons/Tool/pdf.py
9 issues
Using the global statement
Error

Line: 44 Column: 9

                  try:
        env['BUILDERS']['PDF']
    except KeyError:
        global PDFBuilder
        if PDFBuilder is None:
            PDFBuilder = SCons.Builder.Builder(action = {},
                                               source_scanner = SCons.Tool.PDFLaTeXScanner,
                                               prefix = '$PDFPREFIX',
                                               suffix = '$PDFSUFFIX',

            

Reported by Pylint.

Unused argument 'env'
Error

Line: 69 Column: 12

                  env['EPSTOPDFFLAGS'] = SCons.Util.CLVar('')
    env['EPSTOPDFCOM']   = '$EPSTOPDF $EPSTOPDFFLAGS ${SOURCE} --outfile=${TARGET}'

def exists(env):
    # This only puts a skeleton Builder in place, so if someone
    # references this Tool directly, it's always "available."
    return 1

# Local Variables:

            

Reported by Pylint.

Line too long (114/100)
Error

Line: 31 Column: 1

              # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#

__revision__ = "src/engine/SCons/Tool/pdf.py bee7caf9defd6e108fc2998a2520ddb36a967691 2019-12-17 02:07:09 bdeegan"

import SCons.Builder
import SCons.Tool

PDFBuilder = None

            

Reported by Pylint.

Constant name "PDFBuilder" doesn't conform to UPPER_CASE naming style
Error

Line: 36 Column: 1

              import SCons.Builder
import SCons.Tool

PDFBuilder = None

EpsPdfAction = SCons.Action.Action('$EPSTOPDFCOM', '$EPSTOPDFCOMSTR')

def generate(env):
    try:

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 40 Column: 1

              
EpsPdfAction = SCons.Action.Action('$EPSTOPDFCOM', '$EPSTOPDFCOMSTR')

def generate(env):
    try:
        env['BUILDERS']['PDF']
    except KeyError:
        global PDFBuilder
        if PDFBuilder is None:

            

Reported by Pylint.

Constant name "PDFBuilder" doesn't conform to UPPER_CASE naming style
Error

Line: 44 Column: 9

                  try:
        env['BUILDERS']['PDF']
    except KeyError:
        global PDFBuilder
        if PDFBuilder is None:
            PDFBuilder = SCons.Builder.Builder(action = {},
                                               source_scanner = SCons.Tool.PDFLaTeXScanner,
                                               prefix = '$PDFPREFIX',
                                               suffix = '$PDFSUFFIX',

            

Reported by Pylint.

Trailing whitespace
Error

Line: 58 Column: 66

                  env['PDFPREFIX'] = ''
    env['PDFSUFFIX'] = '.pdf'

# put the epstopdf builder in this routine so we can add it after 
# the pdftex builder so that one is the default for no source suffix
def generate2(env):
    bld = env['BUILDERS']['PDF']
    #bld.add_action('.ps',  EpsPdfAction) # this is covered by direct Ghostcript action in gs.py
    bld.add_action('.eps', EpsPdfAction)

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 60 Column: 1

              
# put the epstopdf builder in this routine so we can add it after 
# the pdftex builder so that one is the default for no source suffix
def generate2(env):
    bld = env['BUILDERS']['PDF']
    #bld.add_action('.ps',  EpsPdfAction) # this is covered by direct Ghostcript action in gs.py
    bld.add_action('.eps', EpsPdfAction)

    env['EPSTOPDF']      = 'epstopdf'

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 69 Column: 1

                  env['EPSTOPDFFLAGS'] = SCons.Util.CLVar('')
    env['EPSTOPDFCOM']   = '$EPSTOPDF $EPSTOPDFFLAGS ${SOURCE} --outfile=${TARGET}'

def exists(env):
    # This only puts a skeleton Builder in place, so if someone
    # references this Tool directly, it's always "available."
    return 1

# Local Variables:

            

Reported by Pylint.

src/third_party/wiredtiger/test/3rdparty/python-subunit-0.0.16/python/subunit/tests/test_subunit_tags.py
9 issues
Unable to import 'testtools'
Error

Line: 21 Column: 1

              
from io import BytesIO

import testtools
from testtools.matchers import Contains

import subunit
import subunit.test_results


            

Reported by Pylint.

Unable to import 'testtools.matchers'
Error

Line: 22 Column: 1

              from io import BytesIO

import testtools
from testtools.matchers import Contains

import subunit
import subunit.test_results



            

Reported by Pylint.

Trailing whitespace
Error

Line: 9 Column: 2

              #  license at the users choice. A copy of both licenses are available in the
#  project source as Apache-2.0 and BSD. You may not use this file except in
#  compliance with one of these two licences.
#  
#  Unless required by applicable law or agreed to in writing, software
#  distributed under these licenses is distributed on an "AS IS" BASIS, WITHOUT
#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
#  license you chose for the specific language governing permissions and
#  limitations under that license.

            

Reported by Pylint.

Missing class docstring
Error

Line: 28 Column: 1

              import subunit.test_results


class TestSubUnitTags(testtools.TestCase):

    def setUp(self):
        super(TestSubUnitTags, self).setUp()
        self.original = BytesIO()
        self.filtered = BytesIO()

            

Reported by Pylint.

Method name "setUp" doesn't conform to snake_case naming style
Error

Line: 30 Column: 5

              
class TestSubUnitTags(testtools.TestCase):

    def setUp(self):
        super(TestSubUnitTags, self).setUp()
        self.original = BytesIO()
        self.filtered = BytesIO()

    def test_add_tag(self):

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 30 Column: 5

              
class TestSubUnitTags(testtools.TestCase):

    def setUp(self):
        super(TestSubUnitTags, self).setUp()
        self.original = BytesIO()
        self.filtered = BytesIO()

    def test_add_tag(self):

            

Reported by Pylint.

Consider using Python 3 style super() without arguments
Error

Line: 31 Column: 9

              class TestSubUnitTags(testtools.TestCase):

    def setUp(self):
        super(TestSubUnitTags, self).setUp()
        self.original = BytesIO()
        self.filtered = BytesIO()

    def test_add_tag(self):
        # Literal values to avoid set sort-order dependencies. Python code show

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 35 Column: 5

                      self.original = BytesIO()
        self.filtered = BytesIO()

    def test_add_tag(self):
        # Literal values to avoid set sort-order dependencies. Python code show
        # derivation.
        # reference = BytesIO()
        # stream = subunit.StreamResultToBytes(reference)
        # stream.status(

            

Reported by Pylint.

Missing function or method docstring
Error

Line: 70 Column: 5

                          0, subunit.tag_stream(self.original, self.filtered, ["quux"]))
        self.assertThat(reference, Contains(self.filtered.getvalue()))

    def test_remove_tag(self):
        reference = BytesIO()
        stream = subunit.StreamResultToBytes(reference)
        stream.status(
            test_id='test', test_status='inprogress', test_tags=set(['foo']))
        stream.status(

            

Reported by Pylint.

src/third_party/abseil-cpp-master/abseil-cpp/absl/flags/flag_test.cc
9 issues
syntax error
Error

Line: 103

                double f2;
};

TEST_F(FlagTest, Traits) {
  EXPECT_EQ(flags::StorageKind<int>(),
            flags::FlagValueStorageKind::kOneWordAtomic);
  EXPECT_EQ(flags::StorageKind<bool>(),
            flags::FlagValueStorageKind::kOneWordAtomic);
  EXPECT_EQ(flags::StorageKind<double>(),

            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 475 Column: 16 CWE codes: 120

                return absl::ParseFlag(src, &f->value, e);
}
std::string AbslUnparseFlag(const NonTriviallyCopyableAggregate& ntc) {
  return absl::StrCat(ntc.value);
}

bool operator==(const NonTriviallyCopyableAggregate& ntc1,
                const NonTriviallyCopyableAggregate& ntc2) {
  return ntc1.value == ntc2.value;

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 632 Column: 17 CWE codes: 120

              ABSL_FLAG(int, test_int_flag_with_non_const_default, GetDflt1(),
          "test int flag non const default");
ABSL_FLAG(std::string, test_string_flag_with_non_const_default,
          absl::StrCat("AAA", "BBB"), "test string flag non const default");

namespace {

TEST_F(FlagTest, TestNonConstexprDefault) {
  EXPECT_EQ(absl::GetFlag(FLAGS_test_int_flag_with_non_const_default), 1);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 647 Column: 17 CWE codes: 120

              }  // namespace

ABSL_FLAG(bool, test_flag_with_non_const_help, true,
          absl::StrCat("test ", "flag ", "non const help"));

namespace {

#if !ABSL_FLAGS_STRIP_HELP
TEST_F(FlagTest, TestNonConstexprHelp) {

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 716 Column: 16 CWE codes: 120

                return true;
}
std::string AbslUnparseFlag(const CustomUDT& f) {
  return absl::StrCat(f.a, ":", f.b);
}

}  // namespace

ABSL_FLAG(CustomUDT, test_flag_custom_udt, CustomUDT(), "test flag custom UDT");

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 784 Column: 16 CWE codes: 120

                return true;
}
std::string AbslUnparseFlag(const ConversionTestVal& val) {
  return absl::StrCat(val.a);
}

}  // namespace

// Flag default values can be specified with a value that converts to the flag

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 823 Column: 16 CWE codes: 120

                return absl::SimpleAtoi(in, &ndc_out->value);
}
std::string AbslUnparseFlag(const NonDfltConstructible& ndc) {
  return absl::StrCat(ndc.value);
}

}  // namespace

ABSL_FLAG(NonDfltConstructible, ndc_flag1, NonDfltConstructible('1'),

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 852 Column: 56 CWE codes: 120

              
ABSL_RETIRED_FLAG(bool, old_bool_flag, true, "old descr");
ABSL_RETIRED_FLAG(int, old_int_flag, (int)std::sqrt(10), "old descr");
ABSL_RETIRED_FLAG(std::string, old_str_flag, "", absl::StrCat("old ", "descr"));

bool initializaion_order_fiasco_test = [] {
  // Iterate over all the flags during static initialization.
  // This should not trigger ASan's initialization-order-fiasco.
  auto* handle1 = absl::FindCommandLineFlag("flag_on_separate_file");

            

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 890 Column: 3 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

                SmallAlignUDT() : c('A'), s(12) {}
  char c;
  int16_t s;
  char bytes[14];
};

bool AbslParseFlag(absl::string_view, SmallAlignUDT*, std::string*) {
  return true;
}

            

Reported by FlawFinder.

src/third_party/abseil-cpp-master/abseil-cpp/absl/debugging/failure_signal_handler_test.cc
9 issues
syntax error
Error

Line: 48

                raise(signo);
}

TEST_P(FailureSignalHandlerDeathTest, AbslFailureSignal) {
  const int signo = GetParam();
  std::string exit_regex = absl::StrCat(
      "\\*\\*\\* ", absl::debugging_internal::FailureSignalToString(signo),
      " received at time=");
#ifndef _WIN32

            

Reported by Cppcheck.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 50 Column: 34 CWE codes: 120

              
TEST_P(FailureSignalHandlerDeathTest, AbslFailureSignal) {
  const int signo = GetParam();
  std::string exit_regex = absl::StrCat(
      "\\*\\*\\* ", absl::debugging_internal::FailureSignalToString(signo),
      " received at time=");
#ifndef _WIN32
  EXPECT_EXIT(InstallHandlerAndRaise(signo), testing::KilledBySignal(signo),
              exit_regex);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 100 Column: 28 CWE codes: 120

              TEST_P(FailureSignalHandlerDeathTest, AbslFatalSignalsWithWriterFn) {
  const int signo = GetParam();
  std::string tmp_dir = GetTmpDir();
  std::string file = absl::StrCat(tmp_dir, "/signo_", signo);

  std::string exit_regex = absl::StrCat(
      "\\*\\*\\* ", absl::debugging_internal::FailureSignalToString(signo),
      " received at time=");
#ifndef _WIN32

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 102 Column: 34 CWE codes: 120

                std::string tmp_dir = GetTmpDir();
  std::string file = absl::StrCat(tmp_dir, "/signo_", signo);

  std::string exit_regex = absl::StrCat(
      "\\*\\*\\* ", absl::debugging_internal::FailureSignalToString(signo),
      " received at time=");
#ifndef _WIN32
  EXPECT_EXIT(InstallHandlerWithWriteToFileAndRaise(file.c_str(), signo),
              testing::KilledBySignal(signo), exit_regex);

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 121 Column: 24 CWE codes: 120

                std::getline(error_output, error_line);
  EXPECT_THAT(
      error_line,
      StartsWith(absl::StrCat(
          "*** ", absl::debugging_internal::FailureSignalToString(signo),
          " received at ")));

  // On platforms where it is possible to get the current CPU, the
  // CPU number is also logged. Check that it is present in output.

            

Reported by FlawFinder.

StrCat - Does not check for buffer overflows when concatenating to destination [MS-banned]
Security

Line: 148 Column: 20 CWE codes: 120

                std::string result =
      absl::debugging_internal::FailureSignalToString(info.param);
  if (result.empty()) {
    result = absl::StrCat(info.param);
  }
  return result;
}

INSTANTIATE_TEST_SUITE_P(AbslDeathTest, FailureSignalHandlerDeathTest,

            

Reported by FlawFinder.

getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 77 Column: 32 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

                static const char* const kTmpEnvVars[] = {"TEST_TMPDIR", "TMPDIR", "TEMP",
                                            "TEMPDIR", "TMP"};
  for (const char* const var : kTmpEnvVars) {
    const char* tmp_dir = std::getenv(var);
    if (tmp_dir != nullptr) {
      return tmp_dir;
    }
  }


            

Reported by FlawFinder.

fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 89 Column: 16 CWE codes: 362

              
// This function runs in a fork()ed process on most systems.
void InstallHandlerWithWriteToFileAndRaise(const char* file, int signo) {
  error_file = fopen(file, "w");
  ABSL_RAW_CHECK(error_file != nullptr, "Failed create error_file");
  absl::FailureSignalHandlerOptions options;
  options.writerfn = WriteToErrorFile;
  absl::InstallFailureSignalHandler(options);
  raise(signo);

            

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 66 Column: 32 CWE codes: 126

              
void WriteToErrorFile(const char* msg) {
  if (msg != nullptr) {
    ABSL_RAW_CHECK(fwrite(msg, strlen(msg), 1, error_file) == 1,
                   "fwrite() failed");
  }
  ABSL_RAW_CHECK(fflush(error_file) == 0, "fflush() failed");
}


            

Reported by FlawFinder.