The following issues were found
src/test/fuzz/utxo_snapshot.cpp
3 issues
Line: 26
g_chain = &chain;
}
FUZZ_TARGET_INIT(utxo_snapshot, initialize_chain)
{
FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
std::unique_ptr<const TestingSetup> setup{MakeNoLogFileContext<const TestingSetup>()};
const auto& node = setup->m_node;
auto& chainman{*node.chainman};
Reported by Cppcheck.
Line: 38
Column: 37
CWE codes:
362
Assert(!chainman.SnapshotBlockhash());
{
CAutoFile outfile{fsbridge::fopen(snapshot_path, "wb"), SER_DISK, CLIENT_VERSION};
const auto file_data{ConsumeRandomLengthByteVector(fuzzed_data_provider)};
outfile << Span<const uint8_t>{file_data};
}
const auto ActivateFuzzedSnapshot{[&] {
Reported by FlawFinder.
Line: 44
Column: 36
CWE codes:
362
}
const auto ActivateFuzzedSnapshot{[&] {
CAutoFile infile{fsbridge::fopen(snapshot_path, "rb"), SER_DISK, CLIENT_VERSION};
SnapshotMetadata metadata;
try {
infile >> metadata;
} catch (const std::ios_base::failure&) {
return false;
Reported by FlawFinder.
src/test/net_tests.cpp
3 issues
Line: 131
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
BOOST_CHECK(addrman1.size() == 0);
try {
unsigned char pchMsgTmp[4];
ssPeers1 >> pchMsgTmp;
ssPeers1 >> addrman1;
} catch (const std::exception&) {
exceptionThrown = true;
}
Reported by FlawFinder.
Line: 162
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CAddrMan addrman1;
BOOST_CHECK(addrman1.size() == 0);
try {
unsigned char pchMsgTmp[4];
ssPeers1 >> pchMsgTmp;
ssPeers1 >> addrman1;
} catch (const std::exception&) {
exceptionThrown = true;
}
Reported by FlawFinder.
Line: 806
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
struct sockaddr_in sa;
memset(&sa, 0, sizeof(sockaddr_in)); // initialize the memory block
memcpy(&(sa.sin_addr), &ip, sizeof(ip));
return CNetAddr(sa.sin_addr);
}
BOOST_AUTO_TEST_CASE(LimitedAndReachable_CNetAddr)
Reported by FlawFinder.
src/util/settings.cpp
3 issues
Line: 64
Column: 10
CWE codes:
362
errors.clear();
fsbridge::ifstream file;
file.open(path);
if (!file.is_open()) return true; // Ok for file not to exist.
SettingsValue in;
if (!in.read(std::string{std::istreambuf_iterator<char>(file), std::istreambuf_iterator<char>()})) {
errors.emplace_back(strprintf("Unable to parse settings file %s", path.string()));
Reported by FlawFinder.
Line: 104
Column: 10
CWE codes:
362
out.__pushKV(value.first, value.second);
}
fsbridge::ofstream file;
file.open(path);
if (file.fail()) {
errors.emplace_back(strprintf("Error: Unable to open settings file %s for writing", path.string()));
return false;
}
file << out.write(/* prettyIndent= */ 1, /* indentLevel= */ 4) << std::endl;
Reported by FlawFinder.
Line: 68
Column: 13
CWE codes:
120
20
if (!file.is_open()) return true; // Ok for file not to exist.
SettingsValue in;
if (!in.read(std::string{std::istreambuf_iterator<char>(file), std::istreambuf_iterator<char>()})) {
errors.emplace_back(strprintf("Unable to parse settings file %s", path.string()));
return false;
}
if (file.fail()) {
Reported by FlawFinder.
src/util/sock.cpp
3 issues
Line: 209
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
strprintf("Received too many bytes without a terminator (%u)", data.size()));
}
char buf[512];
const ssize_t peek_ret{Recv(buf, std::min(sizeof(buf), max_data - data.size()), MSG_PEEK)};
switch (peek_ret) {
case -1: {
Reported by FlawFinder.
Line: 297
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#ifdef WIN32
std::string NetworkErrorString(int err)
{
wchar_t buf[256];
buf[0] = 0;
if(FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_MAX_WIDTH_MASK,
nullptr, err, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
buf, ARRAYSIZE(buf), nullptr))
{
Reported by FlawFinder.
Line: 313
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else
std::string NetworkErrorString(int err)
{
char buf[256];
buf[0] = 0;
/* Too bad there are two incompatible implementations of the
* thread-safe strerror. */
const char *s;
#ifdef STRERROR_R_CHAR_P /* GNU variant can return a pointer outside the passed buffer */
Reported by FlawFinder.
src/validation.cpp
3 issues
Line: 3107
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
out.scriptPubKey[3] = 0x21;
out.scriptPubKey[4] = 0xa9;
out.scriptPubKey[5] = 0xed;
memcpy(&out.scriptPubKey[6], witnessroot.begin(), 32);
commitment = std::vector<unsigned char>(out.scriptPubKey.begin(), out.scriptPubKey.end());
CMutableTransaction tx(*block.vtx[0]);
tx.vout.push_back(out);
block.vtx[0] = MakeTransactionRef(std::move(tx));
}
Reported by FlawFinder.
Line: 4166
Column: 26
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int nSize = 0;
try {
// locate a header
unsigned char buf[CMessageHeader::MESSAGE_START_SIZE];
blkdat.FindByte(m_params.MessageStart()[0]);
nRewind = blkdat.GetPos()+1;
blkdat >> buf;
if (memcmp(buf, m_params.MessageStart(), CMessageHeader::MESSAGE_START_SIZE)) {
continue;
Reported by FlawFinder.
Line: 3215
Column: 19
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
{
CScript expect = CScript() << nHeight;
if (block.vtx[0]->vin[0].scriptSig.size() < expect.size() ||
!std::equal(expect.begin(), expect.end(), block.vtx[0]->vin[0].scriptSig.begin())) {
return state.Invalid(BlockValidationResult::BLOCK_CONSENSUS, "bad-cb-height", "block height mismatch in coinbase");
}
}
// Validation for witness commitments.
Reported by FlawFinder.
src/leveldb/util/testharness.cc
3 issues
Line: 41
Column: 25
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
int RunAllTests() {
const char* matcher = getenv("LEVELDB_TESTS");
int num = 0;
if (tests != nullptr) {
for (size_t i = 0; i < tests->size(); i++) {
const Test& t = (*tests)[i];
Reported by FlawFinder.
Line: 72
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
}
int RandomSeed() {
const char* env = getenv("TEST_RANDOM_SEED");
int result = (env != nullptr ? atoi(env) : 301);
if (result <= 0) {
result = 301;
}
return result;
Reported by FlawFinder.
Line: 73
Column: 34
CWE codes:
190
Suggestion:
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended)
int RandomSeed() {
const char* env = getenv("TEST_RANDOM_SEED");
int result = (env != nullptr ? atoi(env) : 301);
if (result <= 0) {
result = 301;
}
return result;
}
Reported by FlawFinder.
test/functional/feature_reindex.py
3 issues
Line: 9
Column: 1
- Start a single node and generate 3 blocks.
- Stop the node and restart it with -reindex. Verify that the node has reindexed up to block 3.
- Stop the node and restart it with -reindex-chainstate. Verify that the node has reindexed up to block 3.
"""
from test_framework.test_framework import BitcoinTestFramework
from test_framework.util import assert_equal
Reported by Pylint.
Line: 16
Column: 1
from test_framework.util import assert_equal
class ReindexTest(BitcoinTestFramework):
def set_test_params(self):
self.setup_clean_chain = True
self.num_nodes = 1
def reindex(self, justchainstate=False):
Reported by Pylint.
Line: 21
Column: 5
self.setup_clean_chain = True
self.num_nodes = 1
def reindex(self, justchainstate=False):
self.nodes[0].generatetoaddress(3, self.nodes[0].get_deterministic_priv_key().address)
blockcount = self.nodes[0].getblockcount()
self.stop_nodes()
extra_args = [["-reindex-chainstate" if justchainstate else "-reindex"]]
self.start_nodes(extra_args)
Reported by Pylint.
src/leveldb/util/bloom_test.cc
3 issues
Line: 83
std::vector<std::string> keys_;
};
TEST(BloomTest, EmptyFilter) {
ASSERT_TRUE(!Matches("hello"));
ASSERT_TRUE(!Matches("world"));
}
TEST(BloomTest, Small) {
Reported by Cppcheck.
Line: 67
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
double FalsePositiveRate() {
char buffer[sizeof(int)];
int result = 0;
for (int i = 0; i < 10000; i++) {
if (Matches(Key(i + 1000000000, buffer))) {
result++;
}
Reported by FlawFinder.
Line: 111
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
TEST(BloomTest, VaryingLengths) {
char buffer[sizeof(int)];
// Count number of filters that significantly exceed the false positive rate
int mediocre_filters = 0;
int good_filters = 0;
Reported by FlawFinder.
src/leveldb/issues/issue320_test.cc
3 issues
Line: 42
class Issue320 {};
TEST(Issue320, Test) {
std::srand(0);
bool delete_before_put = false;
bool keep_snapshots = true;
Reported by Cppcheck.
Line: 43
Column: 8
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
class Issue320 {};
TEST(Issue320, Test) {
std::srand(0);
bool delete_before_put = false;
bool keep_snapshots = true;
std::vector<std::unique_ptr<std::pair<std::string, std::string>>> test_map(
Reported by FlawFinder.
Line: 25
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
std::string CreateRandomString(int32_t index) {
static const size_t len = 1024;
char bytes[len];
size_t i = 0;
while (i < 8) {
bytes[i] = 'a' + ((index >> (4 * i)) & 0xf);
++i;
}
Reported by FlawFinder.
test/functional/mempool_resurrect.py
3 issues
Line: 13
Column: 1
from test_framework.wallet import MiniWallet
class MempoolCoinbaseTest(BitcoinTestFramework):
def set_test_params(self):
self.num_nodes = 1
self.setup_clean_chain = True
def run_test(self):
Reported by Pylint.
Line: 47
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
assert_equal(set(node.getrawmempool()), set())
confirmed_txns = set(node.getblock(blocks[0])['tx'] + node.getblock(blocks[1])['tx'])
# Checks that all spend txns are contained in the mined blocks
assert spends_ids < confirmed_txns
# Use invalidateblock to re-org back
node.invalidateblock(blocks[0])
# All txns should be back in mempool with 0 confirmations
Reported by Bandit.
Line: 60
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b101_assert_used.html
# mempool should be empty, all txns confirmed
assert_equal(set(node.getrawmempool()), set())
confirmed_txns = set(node.getblock(blocks[0])['tx'])
assert spends_ids < confirmed_txns
if __name__ == '__main__':
MempoolCoinbaseTest().main()
Reported by Bandit.