The following issues were found

src/bitcoind.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 90 Column: 18 CWE codes: 362

    if (!noclose) {
        // Open /dev/null, and clone it into STDIN, STDOUT and STDERR to detach
        // from terminal.
        int fd = open("/dev/null", O_RDWR);
        if (fd >= 0) {
            bool err = dup2(fd, STDIN_FILENO) < 0 || dup2(fd, STDOUT_FILENO) < 0 || dup2(fd, STDERR_FILENO) < 0;
            // Don't close if fd<=2 to try to handle the case where the program was invoked without any file descriptors open.
            if (fd > 2) close(fd);
            if (err) {

            

Reported by FlawFinder.

src/script/sign.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 67 Column: 18 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

        // For now, use the old full pubkey-based key derivation logic. As it is indexed by
        // Hash160(full pubkey), we need to try both a version prefixed with 0x02, and one
        // with 0x03.
        unsigned char b[33] = {0x02};
        std::copy(pubkey.begin(), pubkey.end(), b + 1);
        CPubKey fullpubkey;
        fullpubkey.Set(b, b + 33);
        CKeyID keyid = fullpubkey.GetID();
        if (!provider.GetKey(keyid, key)) {

            

Reported by FlawFinder.

src/bitcoin-cli.cpp
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 787 Column: 19 CWE codes: 120 20

              
    // Parse reply
    UniValue valReply(UniValue::VSTR);
    if (!valReply.read(response.body))
        throw std::runtime_error("couldn't parse reply from server");
    const UniValue reply = rh->ProcessReply(valReply);
    if (reply.empty())
        throw std::runtime_error("expected reply to have result, error and id properties");


            

Reported by FlawFinder.

src/psbt.h
1 issue
equal - Function does not check the second iterator for over-read conditions
Security

Line: 454 Column: 19 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

        // Read the magic bytes
        uint8_t magic[5];
        s >> magic;
        if (!std::equal(magic, magic + 5, PSBT_MAGIC_BYTES)) {
            throw std::ios_base::failure("Invalid PSBT magic bytes");
        }

        // Used for duplicate key detection
        std::set<std::vector<unsigned char>> key_lookup;

            

Reported by FlawFinder.

test/functional/wallet_import_with_label.py
1 issue
Missing class docstring
Error

Line: 17 Column: 1

from test_framework.wallet_util import test_address


class ImportWithLabel(BitcoinTestFramework):
    def set_test_params(self):
        self.num_nodes = 2
        self.setup_clean_chain = True

    def skip_test_if_missing_module(self):

            

Reported by Pylint.

src/bench/mempool_stress.cpp
1 issue
Syntax Error: AST broken, 'for' doesn't have two operands.
Error

Line: 86

    CTxMemPool pool;
    LOCK2(cs_main, pool.cs);
    bench.run([&]() NO_THREAD_SAFETY_ANALYSIS {
        for (auto& tx : ordered_coins) {
            AddTx(tx, pool);
        }
        pool.TrimToSize(pool.DynamicMemoryUsage() * 3 / 4);
        pool.TrimToSize(GetVirtualTransactionSize(*ordered_coins.front()));
    });

            

Reported by Cppcheck.

build_msvc/testconsensus/testconsensus.cpp
1 issue
getchar - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 51 Column: 5 CWE codes: 120 20

    auto op0Result = bitcoinconsensus_verify_script_with_amount(pubKeyScript.data(), pubKeyScript.size(), amount, stream.data(), stream.size(), 0, bitcoinconsensus_SCRIPT_FLAGS_VERIFY_ALL, &err);
    std::cout << "Op0 result: " << op0Result << ", error code " << err << std::endl;

    getchar();

    return 0;
}

            

Reported by FlawFinder.

src/bench/crypto_hash.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 112 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

static void MuHash(benchmark::Bench& bench)
{
    MuHash3072 acc;
    unsigned char key[32] = {0};
    int i = 0;
    bench.run([&] {
        key[0] = ++i;
        acc *= MuHash3072(key);
    });

            

Reported by FlawFinder.

src/script/interpreter.cpp
1 issue
equal - Function does not check the second iterator for over-read conditions
Security

Line: 264 Column: 66 CWE codes: 126
Suggestion: This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it

    do
    {
        result.insert(result.end(), pc2, pc);
        while (static_cast<size_t>(end - pc) >= b.size() && std::equal(b.begin(), b.end(), pc))
        {
            pc = pc + b.size();
            ++nFound;
        }
        pc2 = pc;

            

Reported by FlawFinder.

src/bench/base58.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 47 Column: 17 CWE codes: 126

{
    const char* addr = "17VZNX1SN5NtKa8UQFxwQbFeFc3iqRYhem";
    std::vector<unsigned char> vch;
    bench.batch(strlen(addr)).unit("byte").run([&] {
        (void) DecodeBase58(addr, vch, 64);
    });
}



            

Reported by FlawFinder.