The following issues were found
Lib/test/test_threadedtempfile.py
9 issues
Line: 22
Column: 1
import unittest
import io
import threading
from traceback import print_exc
NUM_THREADS = 20
FILES_PER_THREAD = 50
Reported by Pylint.
Line: 37
Column: 9
ok_count = 0
def run(self):
self.errors = io.StringIO()
startEvent.wait()
for i in range(FILES_PER_THREAD):
try:
f = tempfile.TemporaryFile("w+b")
f.close()
Reported by Pylint.
Line: 39
Column: 13
def run(self):
self.errors = io.StringIO()
startEvent.wait()
for i in range(FILES_PER_THREAD):
try:
f = tempfile.TemporaryFile("w+b")
f.close()
except:
self.error_count += 1
Reported by Pylint.
Line: 43
Column: 13
try:
f = tempfile.TemporaryFile("w+b")
f.close()
except:
self.error_count += 1
print_exc(file=self.errors)
else:
self.ok_count += 1
Reported by Pylint.
Line: 32
Column: 1
startEvent = threading.Event()
class TempFileGreedy(threading.Thread):
error_count = 0
ok_count = 0
def run(self):
self.errors = io.StringIO()
Reported by Pylint.
Line: 41
Column: 17
startEvent.wait()
for i in range(FILES_PER_THREAD):
try:
f = tempfile.TemporaryFile("w+b")
f.close()
except:
self.error_count += 1
print_exc(file=self.errors)
else:
Reported by Pylint.
Line: 50
Column: 1
self.ok_count += 1
class ThreadedTempFileTest(unittest.TestCase):
def test_main(self):
threads = [TempFileGreedy() for i in range(NUM_THREADS)]
with threading_helper.start_threads(threads, startEvent.set):
pass
ok = sum(t.ok_count for t in threads)
Reported by Pylint.
Line: 51
Column: 5
class ThreadedTempFileTest(unittest.TestCase):
def test_main(self):
threads = [TempFileGreedy() for i in range(NUM_THREADS)]
with threading_helper.start_threads(threads, startEvent.set):
pass
ok = sum(t.ok_count for t in threads)
errors = [str(t.name) + str(t.errors.getvalue())
Reported by Pylint.
Line: 55
Column: 9
threads = [TempFileGreedy() for i in range(NUM_THREADS)]
with threading_helper.start_threads(threads, startEvent.set):
pass
ok = sum(t.ok_count for t in threads)
errors = [str(t.name) + str(t.errors.getvalue())
for t in threads if t.error_count]
msg = "Errors: errors %d ok %d\n%s" % (len(errors), ok,
'\n'.join(errors))
Reported by Pylint.
Modules/_posixsubprocess.c
9 issues
Line: 957
CWE codes:
908
p2cread, p2cwrite, c2pread, c2pwrite,
errread, errwrite, errpipe_read, errpipe_write,
close_fds, restore_signals, call_setsid,
call_setgid, gid, call_setgroups, num_groups, groups,
call_setuid, uid, child_umask, old_sigmask,
py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
/* Parent (original) process */
if (pid == -1) {
Reported by Cppcheck.
Line: 958
CWE codes:
908
errread, errwrite, errpipe_read, errpipe_write,
close_fds, restore_signals, call_setsid,
call_setgid, gid, call_setgroups, num_groups, groups,
call_setuid, uid, child_umask, old_sigmask,
py_fds_to_keep, preexec_fn, preexec_fn_args_tuple);
/* Parent (original) process */
if (pid == -1) {
/* Capture errno for the exception. */
Reported by Cppcheck.
Line: 605
Column: 13
CWE codes:
78
Suggestion:
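try using a library call that implements the same functionality if available. Triage note: execve() and execv() take an argument vector and do not pass it through a shell, so what matters for this hit is where `executable`, `argv` and `envp` come from, which this excerpt does not show.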
if (envp) {
execve(executable, argv, envp);
} else {
execv(executable, argv);
}
if (errno != ENOENT && errno != ENOTDIR && saved_errno == 0) {
saved_errno = errno;
}
}
Reported by FlawFinder.
Line: 251
Column: 4
CWE codes:
119
120
Suggestion:
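Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: the flagged line is the fixed-size member `char d_name[256]` inside a struct definition; the declaration itself copies nothing, so the bounds question belongs to whatever code fills or reads that member.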
long long d_off;
unsigned short d_reclen; /* Length of this linux_dirent */
unsigned char d_type;
char d_name[256]; /* Filename (null-terminated) */
};
/* Close all open file descriptors in the range from start_fd and higher
* Do not close any in the sorted py_fds_to_keep list.
*
Reported by FlawFinder.
Line: 280
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
_close_fds_by_brute_force(start_fd, py_fds_to_keep);
return;
} else {
char buffer[sizeof(struct linux_dirent64)];
int bytes;
while ((bytes = syscall(SYS_getdents64, fd_dir_fd,
(struct linux_dirent64 *)buffer,
sizeof(buffer))) > 0) {
struct linux_dirent64 *entry;
Reported by FlawFinder.
Line: 477
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
PyObject *result;
const char* err_msg = "";
/* Buffer large enough to hold a hex integer. We can't malloc. */
char hex_errno[sizeof(saved_errno)*2+1];
if (make_inheritable(py_fds_to_keep, errpipe_write) < 0)
goto error;
/* Close parent's pipe ends. */
Reported by FlawFinder.
Line: 683
Column: 15
CWE codes:
362
Suggestion:
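Use fork() instead. Triage note: in this excerpt vfork() sits on a conditionally compiled path that first asserts `!call_setgroups` and `preexec_fn == Py_None`, with fork() as the fallback branch; whether that path is sound depends on what the child does before exec, which is outside the lines shown.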
assert(!call_setgroups);
assert(preexec_fn == Py_None);
pid = vfork();
} else
#endif
{
pid = fork();
}
Reported by FlawFinder.
Line: 539
Column: 9
CWE codes:
732
POSIX_CALL(chdir(cwd));
if (child_umask >= 0)
umask(child_umask); /* umask() always succeeds. */
if (restore_signals)
_Py_RestoreSignals();
#ifdef VFORK_USABLE
Reported by FlawFinder.
Line: 640
Column: 51
CWE codes:
126
* The parent process will look the error message up. */
} else {
_Py_write_noraise(errpipe_write, "SubprocessError:0:", 18);
_Py_write_noraise(errpipe_write, err_msg, strlen(err_msg));
}
}
/* The main purpose of this wrapper function is to isolate vfork() from both
Reported by FlawFinder.
Modules/expat/xmltok.c
9 issues
Line: 188
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
struct normal_encoding {
ENCODING enc;
unsigned char type[256];
#ifdef XML_MIN_SIZE
int(PTRFASTCALL *byteType)(const ENCODING *, const char *);
int(PTRFASTCALL *isNameMin)(const ENCODING *, const char *);
int(PTRFASTCALL *isNmstrtMin)(const ENCODING *, const char *);
int(PTRFASTCALL *byteToAscii)(const ENCODING *, const char *);
Reported by FlawFinder.
Line: 385
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
{
const ptrdiff_t bytesToCopy = fromLim - *fromP;
memcpy(*toP, *fromP, bytesToCopy);
*fromP += bytesToCopy;
*toP += bytesToCopy;
}
if (output_exhausted) /* needs to go first */
Reported by FlawFinder.
Line: 1036
Column: 3
CWE codes:
119
120
Suggestion:
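Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Triage note: the one-byte `buf` is handed to XmlUtf8Convert with `p + 1` as the output limit, which matches the buffer's size; whether the converter honours that limit is not visible in this excerpt.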
static int
toAscii(const ENCODING *enc, const char *ptr, const char *end) {
char buf[1];
char *p = buf;
XmlUtf8Convert(enc, &ptr, end, &p, p + 1);
if (p == buf)
return -1;
else
Reported by FlawFinder.
Line: 1065
Column: 8
CWE codes:
362
const char **namePtr, const char **nameEndPtr,
const char **valPtr, const char **nextTokPtr) {
int c;
char open;
if (ptr == end) {
*namePtr = NULL;
return 1;
}
if (! isSpace(toAscii(enc, ptr, end))) {
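Reported by FlawFinder. Triage note: the only `open` in this excerpt is the local declaration `char open;`, not a call to open(), so this CWE-362 hit looks like a match on the identifier name; confirm against the full file before treating it as a race condition.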
Line: 1124
Column: 14
CWE codes:
362
*valPtr = ptr;
for (;; ptr += enc->minBytesPerChar) {
c = toAscii(enc, ptr, end);
if (c == open)
break;
if (! (ASCII_a <= c && c <= ASCII_z) && ! (ASCII_A <= c && c <= ASCII_Z)
&& ! (ASCII_0 <= c && c <= ASCII_9) && c != ASCII_PERIOD
&& c != ASCII_MINUS && c != ASCII_UNDERSCORE) {
*nextTokPtr = ptr;
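Reported by FlawFinder. Triage note: the `open` on the flagged line is an operand of the comparison `c == open`, not a call to open(), so this CWE-362 hit also looks like a match on the identifier name; confirm against the full file.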
Line: 1314
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
CONVERTER convert;
void *userData;
unsigned short utf16[256];
char utf8[256][4];
};
#define AS_UNKNOWN_ENCODING(enc) ((const struct unknown_encoding *)(enc))
int
Reported by FlawFinder.
Line: 1353
Column: 3
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unknown_toUtf8(const ENCODING *enc, const char **fromP, const char *fromLim,
char **toP, const char *toLim) {
const struct unknown_encoding *uenc = AS_UNKNOWN_ENCODING(enc);
char buf[XML_UTF8_ENCODE_MAX];
for (;;) {
const char *utf8;
int n;
if (*fromP == fromLim)
return XML_CONVERT_COMPLETED;
Reported by FlawFinder.
Line: 1374
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return XML_CONVERT_OUTPUT_EXHAUSTED;
(*fromP)++;
}
memcpy(*toP, utf8, n);
*toP += n;
}
}
static enum XML_Convert_Result PTRCALL
Reported by FlawFinder.
Line: 1405
Column: 3
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
void *userData) {
int i;
struct unknown_encoding *e = (struct unknown_encoding *)mem;
memcpy(mem, &latin1_encoding, sizeof(struct normal_encoding));
for (i = 0; i < 128; i++)
if (latin1_encoding.type[i] != BT_OTHER
&& latin1_encoding.type[i] != BT_NONXML && table[i] != i)
return 0;
for (i = 0; i < 256; i++) {
Reported by FlawFinder.
Modules/sha256module.c
9 issues
Line: 86
Column: 5
CWE codes:
120
Suggestion:
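Make sure destination can always hold the source data. Triage note: both memcpy() calls in this excerpt take their length from `sizeof` of the source field, so the size is fixed at compile time; the remaining check is that the matching `dest` field is at least that large, which holds if `dest` and `src` are the same struct type (their declarations are outside this excerpt).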
dest->digestsize = src->digestsize;
dest->count_lo = src->count_lo;
dest->count_hi = src->count_hi;
memcpy(dest->digest, src->digest, sizeof(src->digest));
memcpy(dest->data, src->data, sizeof(src->data));
}
/* ------------------------------------------------------------------------
Reported by FlawFinder.
Line: 87
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest->count_lo = src->count_lo;
dest->count_hi = src->count_hi;
memcpy(dest->digest, src->digest, sizeof(src->digest));
memcpy(dest->data, src->data, sizeof(src->data));
}
/* ------------------------------------------------------------------------
*
Reported by FlawFinder.
Line: 135
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
SHA_INT32 S[8], W[64], t0, t1;
memcpy(W, sha_info->data, sizeof(sha_info->data));
#if PY_LITTLE_ENDIAN
longReverse(W, (int)sizeof(sha_info->data));
#endif
for (i = 16; i < 64; ++i) {
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i > count) {
i = count;
}
memcpy(((SHA_BYTE *) sha_info->data) + sha_info->local, buffer, i);
count -= i;
buffer += i;
sha_info->local += (int)i;
if (sha_info->local == SHA_BLOCKSIZE) {
sha_transform(sha_info);
Reported by FlawFinder.
Line: 298
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
while (count >= SHA_BLOCKSIZE) {
memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
buffer += SHA_BLOCKSIZE;
count -= SHA_BLOCKSIZE;
sha_transform(sha_info);
}
memcpy(sha_info->data, buffer, count);
Reported by FlawFinder.
Line: 303
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count -= SHA_BLOCKSIZE;
sha_transform(sha_info);
}
memcpy(sha_info->data, buffer, count);
sha_info->local = (int)count;
}
/* finish computing the SHA digest */
Reported by FlawFinder.
Line: 310
Column: 20
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* finish computing the SHA digest */
static void
sha_final(unsigned char digest[SHA_DIGESTSIZE], SHAobject *sha_info)
{
int count;
SHA_INT32 lo_bit_count, hi_bit_count;
lo_bit_count = sha_info->count_lo;
Reported by FlawFinder.
Line: 458
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA256Type_digest_impl(SHAobject *self)
/*[clinic end generated code: output=46616a5e909fbc3d input=f1f4cfea5cbde35c]*/
{
unsigned char digest[SHA_DIGESTSIZE];
SHAobject temp;
SHAcopy(self, &temp);
sha_final(digest, &temp);
return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
Reported by FlawFinder.
Line: 476
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA256Type_hexdigest_impl(SHAobject *self)
/*[clinic end generated code: output=725f8a7041ae97f3 input=0cc4c714693010d1]*/
{
unsigned char digest[SHA_DIGESTSIZE];
SHAobject temp;
/* Get the raw (binary) digest value */
SHAcopy(self, &temp);
sha_final(digest, &temp);
Reported by FlawFinder.
Lib/wsgiref/headers.py
9 issues
Line: 19
Column: 9
This will quote the value if needed or if quote is true.
"""
if value is not None and len(value) > 0:
if quote or tspecials.search(value):
value = value.replace('\\', '\\\\').replace('"', r'\"')
return '%s="%s"' % (param, value)
else:
return '%s=%s' % (param, value)
else:
Reported by Pylint.
Line: 33
Column: 12
def __init__(self, headers=None):
headers = headers if headers is not None else []
if type(headers) is not list:
raise TypeError("Headers must be a list of name/value tuples")
self._headers = headers
if __debug__:
for k, v in headers:
self._convert_string_type(k)
Reported by Pylint.
Line: 37
Column: 20
raise TypeError("Headers must be a list of name/value tuples")
self._headers = headers
if __debug__:
for k, v in headers:
self._convert_string_type(k)
self._convert_string_type(v)
def _convert_string_type(self, value):
"""Convert/check value type."""
Reported by Pylint.
Line: 41
Column: 5
self._convert_string_type(k)
self._convert_string_type(v)
# Type gate for header names and values: hands the argument back unchanged
# when it is exactly a str, and raises AssertionError otherwise.
# NOTE(review): indentation was lost when this excerpt was extracted.
def _convert_string_type(self, value):
"""Convert/check value type."""
# Exact-type test: `type(value) is str` does not accept str subclasses.
if type(value) is str:
return value
# Only the type is examined; the contents of the string are not, so any
# content validation (e.g. for control characters) would have to live
# elsewhere -- not visible in this excerpt.
raise AssertionError("Header names/values must be"
" of type str (got {0})".format(repr(value)))
Reported by Pylint.
Line: 43
Column: 12
# Type gate for header names and values: hands the argument back unchanged
# when it is exactly a str, and raises AssertionError otherwise.
# NOTE(review): indentation was lost when this excerpt was extracted.
def _convert_string_type(self, value):
"""Convert/check value type."""
# Exact-type test: `type(value) is str` does not accept str subclasses.
if type(value) is str:
return value
# Only the type is examined; the contents of the string are not, so any
# content validation (e.g. for control characters) would have to live
# elsewhere -- not visible in this excerpt.
raise AssertionError("Header names/values must be"
" of type str (got {0})".format(repr(value)))
def __len__(self):
Reported by Pylint.
Line: 97
Column: 15
# Case-insensitive lookup over the (name, value) pairs held in self._headers.
# NOTE(review): indentation was lost when this excerpt was extracted.
def get(self,name,default=None):
"""Get the first header value for 'name', or return 'default'"""
# name.lower() runs before the type check, so an argument without a
# .lower() method fails on this line with AttributeError rather than
# inside _convert_string_type.
name = self._convert_string_type(name.lower())
for k,v in self._headers:
# Each stored name is lower-cased for the comparison.
if k.lower()==name:
return v
return default
Reported by Pylint.
Line: 150
Column: 9
If there is no header named 'name', add a new header with name 'name'
and value 'value'."""
result = self.get(name)
if result is None:
self._headers.append((self._convert_string_type(name),
self._convert_string_type(value)))
return value
else:
return result
Reported by Pylint.
Line: 177
Column: 16
if _value is not None:
_value = self._convert_string_type(_value)
parts.append(_value)
for k, v in _params.items():
k = self._convert_string_type(k)
if v is None:
parts.append(k.replace('_', '-'))
else:
v = self._convert_string_type(v)
Reported by Pylint.
Line: 182
Column: 17
if v is None:
parts.append(k.replace('_', '-'))
else:
v = self._convert_string_type(v)
parts.append(_formatparam(k.replace('_', '-'), v))
self._headers.append((self._convert_string_type(_name), "; ".join(parts)))
Reported by Pylint.
Tools/c-analyzer/c_parser/preprocessor/errors.py
9 issues
Line: 20
Column: 1
"""Something preprocessor-related went wrong."""
# Builds the message text for this error class.
# `filename` and the extra keyword arguments are accepted but not used in the
# lines shown.
# NOTE(review): indentation was lost when this excerpt was extracted.
@classmethod
def _msg(cls, filename, reason, **ignored):
msg = 'failure while preprocessing'
# A truthy `reason` is appended in parentheses.
if reason:
msg = f'{msg} ({reason})'
return msg
Reported by Pylint.
Line: 20
Column: 19
"""Something preprocessor-related went wrong."""
# Builds the message text for this error class.
# `filename` and the extra keyword arguments are accepted but not used in the
# lines shown.
# NOTE(review): indentation was lost when this excerpt was extracted.
@classmethod
def _msg(cls, filename, reason, **ignored):
msg = 'failure while preprocessing'
# A truthy `reason` is appended in parentheses.
if reason:
msg = f'{msg} ({reason})'
return msg
Reported by Pylint.
Line: 45
Column: 5
"""The preprocessor command failed."""
# Builds the message text for a failed preprocessor command.
# Extra keyword arguments are accepted and not used in the lines shown.
# NOTE(review): indentation was lost when this excerpt was extracted.
@classmethod
def _msg(cls, error, **ignored):
msg = 'preprocessor command failed'
# A truthy `error` is appended after a single space, without parentheses.
if error:
msg = f'{msg} {error}'
return msg
Reported by Pylint.
Line: 84
Column: 5
"""The preprocessor did not have access to all the target's dependencies."""
# Builds the message text for a missing-dependencies failure.
# Extra keyword arguments are accepted and not used in the lines shown.
# NOTE(review): indentation was lost when this excerpt was extracted.
@classmethod
def _msg(cls, missing, **ignored):
msg = 'preprocessing failed due to missing dependencies'
# A truthy `missing` is joined with ", " and appended in parentheses, so
# its items must be strings for str.join to accept them.
if missing:
msg = f'{msg} ({", ".join(missing)})'
return msg
Reported by Pylint.
Line: 90
Column: 5
msg = f'{msg} ({", ".join(missing)})'
return msg
def __init__(self, filename, missing=None, *args, **kwargs):
self.missing = _as_tuple(missing) or None
super().__init__(filename, *args, **kwargs)
Reported by Pylint.
Line: 100
Column: 5
"""The target is not compatible with the host OS."""
# Builds the message text for an OS mismatch.
# `OS` is a name defined outside this method; a falsy `expected` is rendered
# as the placeholder "???".
# NOTE(review): indentation was lost when this excerpt was extracted.
@classmethod
def _msg(cls, expected, **ignored):
return f'OS is {OS} but expected {expected or "???"}'
def __init__(self, filename, expected=None, *args, **kwargs):
if isinstance(expected, str):
expected = expected.strip()
Reported by Pylint.
Line: 103
Column: 5
def _msg(cls, expected, **ignored):
return f'OS is {OS} but expected {expected or "???"}'
def __init__(self, filename, expected=None, *args, **kwargs):
if isinstance(expected, str):
expected = expected.strip()
self.actual = OS
self.expected = expected if expected else None
Reported by Pylint.
Line: 1
Column: 1
import sys
OS = sys.platform
def _as_tuple(items):
if isinstance(items, str):
return tuple(items.strip().replace(',', ' ').split())
Reported by Pylint.
Line: 8
Column: 5
# Normalises `items` to a tuple.
# NOTE(review): indentation was lost when this excerpt was extracted.
def _as_tuple(items):
# A string is stripped, has its commas turned into spaces, and is then
# split on whitespace, so "a, b c" yields ('a', 'b', 'c').
if isinstance(items, str):
return tuple(items.strip().replace(',', ' ').split())
# Any other truthy value is passed to tuple() as an iterable.
elif items:
return tuple(items)
# Falsy input (None, empty container, ...) becomes the empty tuple.
else:
return ()
Reported by Pylint.
Lib/test/test_urllib_response.py
9 issues
Line: 19
Column: 40
def test_with(self):
addbase = urllib.response.addbase(self.fp)
self.assertIsInstance(addbase, tempfile._TemporaryFileWrapper)
def f():
with addbase as spam:
pass
self.assertFalse(self.fp.closed)
Reported by Pylint.
Line: 22
Column: 29
self.assertIsInstance(addbase, tempfile._TemporaryFileWrapper)
def f():
with addbase as spam:
pass
self.assertFalse(self.fp.closed)
f()
self.assertTrue(self.fp.closed)
self.assertRaises(ValueError, f)
Reported by Pylint.
Line: 8
Column: 1
import urllib.response
import unittest
class TestResponse(unittest.TestCase):
def setUp(self):
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.fp = self.sock.makefile('rb')
self.test_headers = {"Host": "www.python.org",
Reported by Pylint.
Line: 12
Column: 9
# Test fixture: creates an IPv4 stream socket, a binary read file object over
# it, and a small header dict for the tests to compare against.
# The socket is not connected in the lines shown, and no cleanup of
# self.sock / self.fp is visible in this excerpt.
# NOTE(review): indentation was lost when this excerpt was extracted.
def setUp(self):
self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.fp = self.sock.makefile('rb')
self.test_headers = {"Host": "www.python.org",
"Connection": "close"}
def test_with(self):
addbase = urllib.response.addbase(self.fp)
Reported by Pylint.
Line: 16
Column: 5
self.test_headers = {"Host": "www.python.org",
"Connection": "close"}
def test_with(self):
addbase = urllib.response.addbase(self.fp)
self.assertIsInstance(addbase, tempfile._TemporaryFileWrapper)
def f():
Reported by Pylint.
Line: 21
Column: 9
self.assertIsInstance(addbase, tempfile._TemporaryFileWrapper)
def f():
with addbase as spam:
pass
self.assertFalse(self.fp.closed)
f()
self.assertTrue(self.fp.closed)
Reported by Pylint.
Line: 29
Column: 5
self.assertTrue(self.fp.closed)
self.assertRaises(ValueError, f)
def test_addclosehook(self):
closehook_called = False
def closehook():
nonlocal closehook_called
closehook_called = True
Reported by Pylint.
Line: 42
Column: 5
self.assertTrue(self.fp.closed)
self.assertTrue(closehook_called)
# Checks that urllib.response.addinfo exposes the headers it was built with,
# both through info() and through the .headers attribute.
# NOTE(review): indentation was lost when this excerpt was extracted.
def test_addinfo(self):
# self.fp and self.test_headers are set on the instance outside this method.
info = urllib.response.addinfo(self.fp, self.test_headers)
self.assertEqual(info.info(), self.test_headers)
self.assertEqual(info.headers, self.test_headers)
def test_addinfourl(self):
Reported by Pylint.
Line: 47
Column: 5
self.assertEqual(info.info(), self.test_headers)
self.assertEqual(info.headers, self.test_headers)
def test_addinfourl(self):
url = "http://www.python.org"
code = 200
infourl = urllib.response.addinfourl(self.fp, self.test_headers,
url, code)
self.assertEqual(infourl.info(), self.test_headers)
Reported by Pylint.
Modules/_decimal/libmpdec/transpose.c
9 issues
Line: 120
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
stride = (offset + b < cols/2) ? b : cols/2-offset;
hp = matrix + hn*cols/2;
memcpy(readbuf, hp+offset, stride*(sizeof *readbuf));
pointerswap(&readbuf, &writebuf);
next = mulmod_size_t(hn, r, m);
hp = matrix + next*cols/2;
Reported by FlawFinder.
Line: 128
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (next != hn) {
memcpy(readbuf, hp+offset, stride*(sizeof *readbuf));
memcpy(hp+offset, writebuf, stride*(sizeof *writebuf));
pointerswap(&readbuf, &writebuf);
done[next/dbits] |= mpd_bits[next%dbits];
Reported by FlawFinder.
Line: 129
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
while (next != hn) {
memcpy(readbuf, hp+offset, stride*(sizeof *readbuf));
memcpy(hp+offset, writebuf, stride*(sizeof *writebuf));
pointerswap(&readbuf, &writebuf);
done[next/dbits] |= mpd_bits[next%dbits];
next = mulmod_size_t(next, r, m);
Reported by FlawFinder.
Line: 139
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
memcpy(hp+offset, writebuf, stride*(sizeof *writebuf));
done[hn/dbits] |= mpd_bits[hn%dbits];
}
}
Reported by FlawFinder.
Line: 195
Column: 17
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
from = matrix + r*size + c;
to = buf1;
for (i = 0; i < b; i++) {
memcpy(to, from, b*(sizeof *to));
from += size;
to += b;
}
squaretrans(buf1, b);
Reported by FlawFinder.
Line: 205
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to = matrix + r*size + c;
from = buf1;
for (i = 0; i < b; i++) {
memcpy(to, from, b*(sizeof *to));
from += b;
to += size;
}
continue;
}
Reported by FlawFinder.
Line: 215
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
from = matrix + c*size + r;
to = buf2;
for (i = 0; i < b; i++) {
memcpy(to, from, b*(sizeof *to));
from += size;
to += b;
}
squaretrans(buf2, b);
Reported by FlawFinder.
Line: 224
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to = matrix + c*size + r;
from = buf1;
for (i = 0; i < b; i++) {
memcpy(to, from, b*(sizeof *to));
from += b;
to += size;
}
to = matrix + r*size + c;
Reported by FlawFinder.
Line: 232
Column: 21
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
to = matrix + r*size + c;
from = buf2;
for (i = 0; i < b; i++) {
memcpy(to, from, b*(sizeof *to));
from += b;
to += size;
}
}
}
Reported by FlawFinder.
Lib/test/test_repl.py
9 issues
Line: 92
Column: 9
user_input = dedent(user_input)
p = spawn_repl()
p.stdin.write(user_input)
output = kill_python(p)
self.assertEqual(p.returncode, 0)
def test_close_stdin(self):
user_input = dedent('''
import os
Reported by Pylint.
Line: 6
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_imports.html#b404-import-subprocess
import sys
import os
import unittest
import subprocess
from textwrap import dedent
from test.support import cpython_only, SuppressCrashReport
from test.support.script_helper import kill_python
def spawn_repl(*args, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, **kw):
Reported by Bandit.
Line: 32
Suggestion:
https://bandit.readthedocs.io/en/latest/plugins/b603_subprocess_without_shell_equals_true.html
# test.support.script_helper.
env = kw.setdefault('env', dict(os.environ))
env['TERM'] = 'vt100'
return subprocess.Popen(cmd_line,
executable=sys.executable,
text=True,
stdin=subprocess.PIPE,
stdout=stdout, stderr=stderr,
**kw)
Reported by Bandit.
Line: 39
Column: 1
stdout=stdout, stderr=stderr,
**kw)
class TestInteractiveInterpreter(unittest.TestCase):
@cpython_only
def test_no_memory(self):
# Issue #30696: Fix the interactive interpreter looping endlessly when
# no memory. Check also that the fix does not break the interactive
Reported by Pylint.
Line: 42
Column: 5
class TestInteractiveInterpreter(unittest.TestCase):
@cpython_only
def test_no_memory(self):
# Issue #30696: Fix the interactive interpreter looping endlessly when
# no memory. Check also that the fix does not break the interactive
# loop when an exception is raised.
user_input = """
import sys, _testcapi
Reported by Pylint.
Line: 54
Column: 9
sys.exit(0)
"""
user_input = dedent(user_input)
p = spawn_repl()
with SuppressCrashReport():
p.stdin.write(user_input)
output = kill_python(p)
self.assertIn('After the exception.', output)
# Exit code 120: Py_FinalizeEx() failed to flush stdout and stderr.
Reported by Pylint.
Line: 63
Column: 5
self.assertIn(p.returncode, (1, 120))
@cpython_only
def test_multiline_string_parsing(self):
# bpo-39209: Multiline string tokens need to be handled in the tokenizer
# in two places: the interactive path and the non-interactive path.
user_input = '''\
x = """<?xml version="1.0" encoding="iso-8859-1"?>
<test>
Reported by Pylint.
Line: 90
Column: 9
</test>"""
'''
user_input = dedent(user_input)
p = spawn_repl()
p.stdin.write(user_input)
output = kill_python(p)
self.assertEqual(p.returncode, 0)
def test_close_stdin(self):
Reported by Pylint.
Line: 95
Column: 5
output = kill_python(p)
self.assertEqual(p.returncode, 0)
def test_close_stdin(self):
user_input = dedent('''
import os
print("before close")
os.close(0)
''')
Reported by Pylint.
Modules/sha512module.c
9 issues
Line: 74
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest->digestsize = src->digestsize;
dest->count_lo = src->count_lo;
dest->count_hi = src->count_hi;
memcpy(dest->digest, src->digest, sizeof(src->digest));
memcpy(dest->data, src->data, sizeof(src->data));
}
/* ------------------------------------------------------------------------
Reported by FlawFinder.
Line: 75
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
dest->count_lo = src->count_lo;
dest->count_hi = src->count_hi;
memcpy(dest->digest, src->digest, sizeof(src->digest));
memcpy(dest->data, src->data, sizeof(src->data));
}
/* ------------------------------------------------------------------------
*
Reported by FlawFinder.
Line: 123
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
int i;
SHA_INT64 S[8], W[80], t0, t1;
memcpy(W, sha_info->data, sizeof(sha_info->data));
#if PY_LITTLE_ENDIAN
longReverse(W, (int)sizeof(sha_info->data));
#endif
for (i = 16; i < 80; ++i) {
Reported by FlawFinder.
Line: 290
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (i > count) {
i = count;
}
memcpy(((SHA_BYTE *) sha_info->data) + sha_info->local, buffer, i);
count -= i;
buffer += i;
sha_info->local += (int)i;
if (sha_info->local == SHA_BLOCKSIZE) {
sha512_transform(sha_info);
Reported by FlawFinder.
Line: 302
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
}
}
while (count >= SHA_BLOCKSIZE) {
memcpy(sha_info->data, buffer, SHA_BLOCKSIZE);
buffer += SHA_BLOCKSIZE;
count -= SHA_BLOCKSIZE;
sha512_transform(sha_info);
}
memcpy(sha_info->data, buffer, count);
Reported by FlawFinder.
Line: 307
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
count -= SHA_BLOCKSIZE;
sha512_transform(sha_info);
}
memcpy(sha_info->data, buffer, count);
sha_info->local = (int)count;
}
/* finish computing the SHA digest */
Reported by FlawFinder.
Line: 314
Column: 23
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* finish computing the SHA digest */
static void
sha512_final(unsigned char digest[SHA_DIGESTSIZE], SHAobject *sha_info)
{
int count;
SHA_INT32 lo_bit_count, hi_bit_count;
lo_bit_count = sha_info->count_lo;
Reported by FlawFinder.
Line: 514
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA512Type_digest_impl(SHAobject *self)
/*[clinic end generated code: output=1080bbeeef7dde1b input=f6470dd359071f4b]*/
{
unsigned char digest[SHA_DIGESTSIZE];
SHAobject temp;
SHAcopy(self, &temp);
sha512_final(digest, &temp);
return PyBytes_FromStringAndSize((const char *)digest, self->digestsize);
Reported by FlawFinder.
Line: 532
Column: 14
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
SHA512Type_hexdigest_impl(SHAobject *self)
/*[clinic end generated code: output=7373305b8601e18b input=498b877b25cbe0a2]*/
{
unsigned char digest[SHA_DIGESTSIZE];
SHAobject temp;
/* Get the raw (binary) digest value */
SHAcopy(self, &temp);
sha512_final(digest, &temp);
Reported by FlawFinder.