The following issues were found
Modules/_sha3/cleanup.py
7 issues
Line: 20
Column: 9
KECCAK = os.path.join(HERE, "kcp")
def getfiles():
    """Yield the joined path of every entry in KECCAK that is a file.

    Only the top level of the directory is listed; entries for which
    os.path.isfile() is false (directories, for example) are skipped.
    """
    candidates = (os.path.join(KECCAK, entry) for entry in os.listdir(KECCAK))
    yield from filter(os.path.isfile, candidates)
def cleanup(f):
Reported by Pylint.
Line: 25
Column: 13
if os.path.isfile(name):
yield name
def cleanup(f):
buf = []
for line in f:
# mark all functions and global data as static
#if line.startswith(STATICS):
# buf.append("static " + line)
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python
# Copyright (C) 2012 Christian Heimes (christian@python.org)
# Licensed to PSF under a Contributor Agreement.
#
# cleanup Keccak sources
import os
import re
Reported by Pylint.
Line: 19
Column: 1
HERE = os.path.dirname(os.path.abspath(__file__))
KECCAK = os.path.join(HERE, "kcp")
def getfiles():
    """Yield the joined path of every entry in KECCAK that is a file.

    Only the top level of the directory is listed; entries for which
    os.path.isfile() is false (directories, for example) are skipped.
    """
    candidates = (os.path.join(KECCAK, entry) for entry in os.listdir(KECCAK))
    yield from filter(os.path.isfile, candidates)
Reported by Pylint.
Line: 25
Column: 1
if os.path.isfile(name):
yield name
def cleanup(f):
buf = []
for line in f:
# mark all functions and global data as static
#if line.startswith(STATICS):
# buf.append("static " + line)
Reported by Pylint.
Line: 25
Column: 1
if os.path.isfile(name):
yield name
def cleanup(f):
buf = []
for line in f:
# mark all functions and global data as static
#if line.startswith(STATICS):
# buf.append("static " + line)
Reported by Pylint.
Line: 48
Column: 9
for name in getfiles():
with open(name) as f:
res = cleanup(f)
with open(name, "w") as f:
f.write(res)
Reported by Pylint.
Modules/timemodule.c
7 issues
Line: 533
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
#else
{
struct tm local = buf;
char zone[100];
time_t gmtoff;
strftime(zone, sizeof(zone), "%Z", &buf);
gmtoff = timegm(&buf) - when;
return tmtotuple(&local, zone, gmtoff);
}
Reported by FlawFinder.
Line: 921
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
/* Inspired by Open Group reference implementation available at
* http://pubs.opengroup.org/onlinepubs/009695399/functions/asctime.html */
static const char wday_name[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
static const char mon_name[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
Reported by FlawFinder.
Line: 924
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static const char wday_name[7][4] = {
"Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
};
static const char mon_name[12][4] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
return PyUnicode_FromFormat(
"%s %s%3d %.2d:%.2d:%.2d %d",
Reported by FlawFinder.
Line: 1760
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
time_t t;
struct tm p;
time_t janzone_t, julyzone_t;
char janname[10], julyname[10];
t = (time((time_t *)0) / YEAR) * YEAR;
_PyTime_localtime(t, &p);
get_zone(janname, 9, &p);
janzone_t = -get_gmtoff(t, &p);
janname[9] = '\0';
Reported by FlawFinder.
Line: 718
Column: 21
CWE codes:
126
/* Select the character type and the format/length routines as a set:
 * wide-character variants when HAVE_WCSFTIME is defined, narrow-character
 * variants otherwise. */
#ifdef HAVE_WCSFTIME
#define time_char wchar_t
#define format_time wcsftime
/* NOTE(review): wcslen()/strlen() read until they meet a terminator, so every
 * buffer handed to time_strlen must be terminated. The CWE-126 finding appears
 * to be raised on this alias; the call sites are what need checking. */
#define time_strlen wcslen
#else
#define time_char char
#define format_time strftime
#define time_strlen strlen
#endif
Reported by FlawFinder.
Line: 722
Column: 21
CWE codes:
126
#else
#define time_char char
#define format_time strftime
#define time_strlen strlen
#endif
static PyObject *
time_strftime(PyObject *self, PyObject *args)
{
Reported by FlawFinder.
Line: 1678
Column: 5
CWE codes:
120
get_zone(char *zone, int n, struct tm *p)
{
/* Store the time-zone name for *p in zone, limited to n bytes. */
#ifdef HAVE_STRUCT_TM_TM_ZONE
/* A NULL tm_zone is replaced by " ".
 * NOTE(review): strncpy() does not write a terminating NUL when the source
 * is n bytes or longer, so the caller has to reserve one extra byte and
 * terminate zone itself (the call site shown in this report passes 9 for a
 * 10-byte array and then sets janname[9] = '\0'). */
strncpy(zone, p->tm_zone ? p->tm_zone : " ", n);
#else
/* Without HAVE_STRUCT_TM_TM_ZONE: call tzset(), then format "%Z" into at
 * most n bytes.
 * NOTE(review): the strftime() return value is ignored; when it returns 0
 * because the name did not fit, the contents of zone are unspecified. */
tzset();
strftime(zone, n, "%Z", p);
#endif
}
Reported by FlawFinder.
Tools/freeze/bkfile.py
7 issues
Line: 3
Column: 1
from builtins import open as _orig_open
def open(file, mode='r', bufsize=-1):
if 'w' not in mode:
return _orig_open(file, mode, bufsize)
import os
backup = file + '~'
try:
os.unlink(backup)
Reported by Pylint.
Line: 1
Column: 1
from builtins import open as _orig_open
def open(file, mode='r', bufsize=-1):
if 'w' not in mode:
return _orig_open(file, mode, bufsize)
import os
backup = file + '~'
try:
os.unlink(backup)
Reported by Pylint.
Line: 3
Column: 1
from builtins import open as _orig_open
def open(file, mode='r', bufsize=-1):
if 'w' not in mode:
return _orig_open(file, mode, bufsize)
import os
backup = file + '~'
try:
os.unlink(backup)
Reported by Pylint.
Line: 6
Column: 5
def open(file, mode='r', bufsize=-1):
if 'w' not in mode:
return _orig_open(file, mode, bufsize)
import os
backup = file + '~'
try:
os.unlink(backup)
except OSError:
pass
Reported by Pylint.
Line: 16
Column: 5
os.rename(file, backup)
except OSError:
return _orig_open(file, mode, bufsize)
f = _orig_open(file, mode, bufsize)
_orig_close = f.close
def close():
_orig_close()
import filecmp
if filecmp.cmp(backup, file, shallow=False):
Reported by Pylint.
Line: 20
Column: 9
_orig_close = f.close
def close():
_orig_close()
import filecmp
if filecmp.cmp(backup, file, shallow=False):
import os
os.unlink(file)
os.rename(backup, file)
f.close = close
Reported by Pylint.
Line: 22
Column: 13
_orig_close()
import filecmp
if filecmp.cmp(backup, file, shallow=False):
import os
os.unlink(file)
os.rename(backup, file)
f.close = close
return f
Reported by Pylint.
Tools/freeze/makeconfig.py
7 issues
Line: 1
Column: 1
import re
import sys
# Write the config.c file
never = ['marshal', '_imp', '_ast', '__main__', 'builtins',
'sys', 'gc', '_warnings']
def makeconfig(infp, outfp, modules, with_ifdef=0):
Reported by Pylint.
Line: 9
Column: 1
never = ['marshal', '_imp', '_ast', '__main__', 'builtins',
'sys', 'gc', '_warnings']
def makeconfig(infp, outfp, modules, with_ifdef=0):
m1 = re.compile('-- ADDMODULE MARKER 1 --')
m2 = re.compile('-- ADDMODULE MARKER 2 --')
for line in infp:
outfp.write(line)
if m1 and m1.search(line):
Reported by Pylint.
Line: 10
Column: 5
'sys', 'gc', '_warnings']
def makeconfig(infp, outfp, modules, with_ifdef=0):
m1 = re.compile('-- ADDMODULE MARKER 1 --')
m2 = re.compile('-- ADDMODULE MARKER 2 --')
for line in infp:
outfp.write(line)
if m1 and m1.search(line):
m1 = None
Reported by Pylint.
Line: 11
Column: 5
def makeconfig(infp, outfp, modules, with_ifdef=0):
m1 = re.compile('-- ADDMODULE MARKER 1 --')
m2 = re.compile('-- ADDMODULE MARKER 2 --')
for line in infp:
outfp.write(line)
if m1 and m1.search(line):
m1 = None
for mod in modules:
Reported by Pylint.
Line: 15
Column: 13
for line in infp:
outfp.write(line)
if m1 and m1.search(line):
m1 = None
for mod in modules:
if mod in never:
continue
if with_ifdef:
outfp.write("#ifndef PyInit_%s\n"%mod)
Reported by Pylint.
Line: 25
Column: 13
if with_ifdef:
outfp.write("#endif\n")
elif m2 and m2.search(line):
m2 = None
for mod in modules:
if mod in never:
continue
outfp.write('\t{"%s", PyInit_%s},\n' %
(mod, mod))
Reported by Pylint.
Line: 39
Column: 1
# Test program.
def test():
if not sys.argv[3:]:
print('usage: python makeconfig.py config.c.in outputfile', end=' ')
print('modulename ...')
sys.exit(2)
if sys.argv[1] == '-':
Reported by Pylint.
Python/makeopcodetargets.py
7 issues
Line: 27
Column: 16
"""
modpath = os.path.join(
os.path.dirname(os.path.dirname(__file__)), "Lib", modname + ".py")
return SourceFileLoader(modname, modpath).load_module()
def write_contents(f):
"""Write C code contents to the target file object.
"""
Reported by Pylint.
Line: 27
Column: 16
"""
modpath = os.path.join(
os.path.dirname(os.path.dirname(__file__)), "Lib", modname + ".py")
return SourceFileLoader(modname, modpath).load_module()
def write_contents(f):
"""Write C code contents to the target file object.
"""
Reported by Pylint.
Line: 38
Column: 19
for opname, op in opcode.opmap.items():
targets[op] = "TARGET_%s" % opname
next_op = 1
for opname in opcode._specialized_instructions:
while targets[next_op] != '_unknown_opcode':
next_op += 1
targets[next_op] = "TARGET_%s" % opname
f.write("static void *opcode_targets[256] = {\n")
f.write(",\n".join([" &&%s" % s for s in targets]))
Reported by Pylint.
Line: 30
Column: 1
return SourceFileLoader(modname, modpath).load_module()
def write_contents(f):
"""Write C code contents to the target file object.
"""
opcode = find_module('opcode')
targets = ['_unknown_opcode'] * 256
for opname, op in opcode.opmap.items():
Reported by Pylint.
Line: 35
Column: 17
"""
opcode = find_module('opcode')
targets = ['_unknown_opcode'] * 256
for opname, op in opcode.opmap.items():
targets[op] = "TARGET_%s" % opname
next_op = 1
for opname in opcode._specialized_instructions:
while targets[next_op] != '_unknown_opcode':
next_op += 1
Reported by Pylint.
Line: 47
Column: 1
f.write("\n};\n")
def main():
if len(sys.argv) >= 3:
sys.exit("Too many arguments")
if len(sys.argv) == 2:
target = sys.argv[1]
else:
Reported by Pylint.
Line: 54
Column: 31
target = sys.argv[1]
else:
target = "Python/opcode_targets.h"
with open(target, "w") as f:
write_contents(f)
print("Jump table written into %s" % target)
if __name__ == "__main__":
Reported by Pylint.
Mac/Tools/pythonw.c
7 issues
Line: 76
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
return NULL;
}
strcpy(g_path, info.dli_fname);
end = g_path + len - 1;
while (end != g_path && *end != '/') {
end --;
}
end++;
Reported by FlawFinder.
Line: 85
Column: 5
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (*end == '.') {
end++;
}
strcpy(end, "Resources/Python.app/Contents/MacOS/" PYTHONFRAMEWORK);
return g_path;
}
#ifdef HAVE_SPAWN_H
Reported by FlawFinder.
Line: 179
Column: 17
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
char replaced;
replaced = slash[1];
slash[1] = 0;
if (realpath(path, real_path) == NULL) {
err(1, "realpath: %s", path);
}
slash[1] = replaced;
if (strlcat(real_path, slash, sizeof(real_path)) > sizeof(real_path)) {
errno = EINVAL;
Reported by FlawFinder.
Line: 189
Column: 17
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, and to protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
}
} else {
if (realpath(".", real_path) == NULL) {
err(1, "realpath: %s", path);
}
if (strlcat(real_path, "/", sizeof(real_path)) > sizeof(real_path)) {
errno = EINVAL;
err(1, "realpath: %s", path);
Reported by FlawFinder.
Line: 157
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
int
main(int argc, char **argv) {
char* exec_path = get_python_path();
static char path[PATH_MAX * 2];
static char real_path[PATH_MAX * 2];
int status;
uint32_t size = PATH_MAX * 2;
/* Set the original executable path in the environment. */
Reported by FlawFinder.
Line: 158
Column: 12
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
main(int argc, char **argv) {
char* exec_path = get_python_path();
static char path[PATH_MAX * 2];
static char real_path[PATH_MAX * 2];
int status;
uint32_t size = PATH_MAX * 2;
/* Set the original executable path in the environment. */
status = _NSGetExecutablePath(path, &size);
Reported by FlawFinder.
Line: 69
Column: 11
CWE codes:
126
return NULL;
}
len = strlen(info.dli_fname);
g_path = malloc(len+60);
if (g_path == NULL) {
return NULL;
}
Reported by FlawFinder.
PCbuild/fix_encoding.py
7 issues
Line: 17
Column: 48
__version__ = "1.0.0.0"
def fix(p):
    """Rewrite the file at *p* in place so that it carries a UTF-8 BOM.

    The content is decoded with 'utf-8-sig', which drops a BOM if one is
    present, and encoded with the same codec, which always emits one.
    """
    with open(p, 'r', encoding='utf-8-sig') as src:
        text = src.read()

    # The file is truncated and rewritten; the text itself is unchanged.
    with open(p, 'w', encoding='utf-8-sig') as dst:
        dst.write(text)
ROOT_DIR = Path(__file__).resolve().parent
Reported by Pylint.
Line: 1
Column: 1
#! /usr/bin/env python3
#
# Fixes encoding of the project files to add UTF-8 BOM.
#
# Visual Studio insists on having the BOM in project files, and will
# restore it on first edit. This script will go through the relevant
# files and ensure the BOM is included, which should prevent too many
# irrelevant changesets.
#
Reported by Pylint.
Line: 16
Column: 1
__author__ = "Steve Dower <steve.dower@python.org>"
__version__ = "1.0.0.0"
def fix(p):
    """Rewrite the file at *p* in place so that it carries a UTF-8 BOM.

    The content is decoded with 'utf-8-sig', which drops a BOM if one is
    present, and encoded with the same codec, which always emits one.
    """
    with open(p, 'r', encoding='utf-8-sig') as src:
        text = src.read()

    # The file is truncated and rewritten; the text itself is unchanged.
    with open(p, 'w', encoding='utf-8-sig') as dst:
        dst.write(text)
Reported by Pylint.
Line: 16
Column: 1
__author__ = "Steve Dower <steve.dower@python.org>"
__version__ = "1.0.0.0"
def fix(p):
    """Rewrite the file at *p* in place so that it carries a UTF-8 BOM.

    The content is decoded with 'utf-8-sig', which drops a BOM if one is
    present, and encoded with the same codec, which always emits one.
    """
    with open(p, 'r', encoding='utf-8-sig') as src:
        text = src.read()

    # The file is truncated and rewritten; the text itself is unchanged.
    with open(p, 'w', encoding='utf-8-sig') as dst:
        dst.write(text)
Reported by Pylint.
Line: 17
Column: 48
__version__ = "1.0.0.0"
def fix(p):
    """Rewrite the file at *p* in place so that it carries a UTF-8 BOM.

    The content is decoded with 'utf-8-sig', which drops a BOM if one is
    present, and encoded with the same codec, which always emits one.
    """
    with open(p, 'r', encoding='utf-8-sig') as src:
        text = src.read()

    # The file is truncated and rewritten; the text itself is unchanged.
    with open(p, 'w', encoding='utf-8-sig') as dst:
        dst.write(text)
ROOT_DIR = Path(__file__).resolve().parent
Reported by Pylint.
Line: 19
Column: 48
def fix(p):
    """Rewrite the file at *p* in place so that it carries a UTF-8 BOM.

    The content is decoded with 'utf-8-sig', which drops a BOM if one is
    present, and encoded with the same codec, which always emits one.
    """
    with open(p, 'r', encoding='utf-8-sig') as src:
        text = src.read()

    # The file is truncated and rewritten; the text itself is unchanged.
    with open(p, 'w', encoding='utf-8-sig') as dst:
        dst.write(text)
ROOT_DIR = Path(__file__).resolve().parent
if __name__ == '__main__':
Reported by Pylint.
Line: 25
Column: 5
ROOT_DIR = Path(__file__).resolve().parent
if __name__ == '__main__':
count = 0
print('Fixing:')
for f in ROOT_DIR.glob('*.vcxproj'):
print(f' - {f.name}')
fix(f)
count += 1
Reported by Pylint.
PC/validate_ucrtbase.py
7 issues
Line: 52
Column: 53
while actual_len == name_len:
name_len *= 2
name = create_unicode_buffer(name_len)
actual_len = kernel32.GetModuleFileNameW(HANDLE(ucrtbased._handle),
name, len(name))
if not actual_len:
print('Failed to get full module name.')
sys.exit(2)
Reported by Pylint.
Line: 63
Column: 13
print('Failed to get size of version info.')
sys.exit(2)
ver_block = c_buffer(size)
if (not version.GetFileVersionInfoW(name, None, size, ver_block) or
not ver_block):
print('Failed to get version info.')
sys.exit(2)
Reported by Pylint.
Line: 12
Column: 1
Structure, WinDLL)
from ctypes.wintypes import DWORD, HANDLE
class VS_FIXEDFILEINFO(Structure):
_fields_ = [
("dwSignature", DWORD),
("dwStrucVersion", DWORD),
("dwFileVersionMS", DWORD),
("dwFileVersionLS", DWORD),
Reported by Pylint.
Line: 12
Column: 1
Structure, WinDLL)
from ctypes.wintypes import DWORD, HANDLE
class VS_FIXEDFILEINFO(Structure):
_fields_ = [
("dwSignature", DWORD),
("dwStrucVersion", DWORD),
("dwFileVersionMS", DWORD),
("dwFileVersionLS", DWORD),
Reported by Pylint.
Line: 12
Column: 1
Structure, WinDLL)
from ctypes.wintypes import DWORD, HANDLE
class VS_FIXEDFILEINFO(Structure):
_fields_ = [
("dwSignature", DWORD),
("dwStrucVersion", DWORD),
("dwFileVersionMS", DWORD),
("dwFileVersionLS", DWORD),
Reported by Pylint.
Line: 48
Column: 12
# We will immediately double the length up to MAX_PATH, but the
# path may be longer, so we retry until the returned string is
# shorter than our buffer.
name_len = actual_len = 130
while actual_len == name_len:
name_len *= 2
name = create_unicode_buffer(name_len)
actual_len = kernel32.GetModuleFileNameW(HANDLE(ucrtbased._handle),
name, len(name))
Reported by Pylint.
Line: 48
Column: 1
# We will immediately double the length up to MAX_PATH, but the
# path may be longer, so we retry until the returned string is
# shorter than our buffer.
name_len = actual_len = 130
while actual_len == name_len:
name_len *= 2
name = create_unicode_buffer(name_len)
actual_len = kernel32.GetModuleFileNameW(HANDLE(ucrtbased._handle),
name, len(name))
Reported by Pylint.
PC/testpy.py
7 issues
Line: 29
Column: 1
# Add the "test" directory to PYTHONPATH.
sys.path = sys.path + [test]
import libregrtest # Standard Python tester.
libregrtest.main()
Reported by Pylint.
Line: 9
Column: 1
try:
import os
except:
print("""Could not import the standard "os" module.
Please check your PYTHONPATH environment variable.""")
sys.exit(1)
try:
Reported by Pylint.
Line: 15
Column: 5
sys.exit(1)
try:
import symbol
except:
print("""Could not import the standard "symbol" module. If this is
a PC, you should add the dos_8x3 directory to your PYTHONPATH.""")
sys.exit(1)
Reported by Pylint.
Line: 16
Column: 1
try:
import symbol
except:
print("""Could not import the standard "symbol" module. If this is
a PC, you should add the dos_8x3 directory to your PYTHONPATH.""")
sys.exit(1)
for dir in sys.path:
Reported by Pylint.
Line: 21
Column: 5
a PC, you should add the dos_8x3 directory to your PYTHONPATH.""")
sys.exit(1)
for dir in sys.path:
file = os.path.join(dir, "os.py")
if os.path.isfile(file):
test = os.path.join(dir, "test")
if os.path.isdir(test):
# Add the "test" directory to PYTHONPATH.
Reported by Pylint.
Line: 1
Column: 1
import sys
# This is a test module for Python. It looks in the standard
# places for various *.py files. If these are moved, you must
# change this module too.
try:
import os
except:
Reported by Pylint.
Line: 29
Column: 1
# Add the "test" directory to PYTHONPATH.
sys.path = sys.path + [test]
import libregrtest # Standard Python tester.
libregrtest.main()
Reported by Pylint.
Modules/zlibmodule.c
7 issues
Line: 809
CWE codes:
908
static int
save_unconsumed_input(compobject *self, Py_buffer *data, int err)
{
if (err == Z_STREAM_END) {
/* The end of the compressed data has been reached. Store the leftover
input data in self->unused_data. */
if (self->zst.avail_in > 0) {
Py_ssize_t old_size = PyBytes_GET_SIZE(self->unused_data);
Py_ssize_t new_size, left_size;
Reported by Cppcheck.
Line: 1024
CWE codes:
908
/* If mode is Z_FINISH, we also have to call deflateEnd() to free
various data structures. Note we should only get Z_STREAM_END when
mode is Z_FINISH, but checking both for safety*/
if (err == Z_STREAM_END && mode == Z_FINISH) {
err = deflateEnd(&self->zst);
if (err != Z_OK) {
zlib_error(state, self->zst, err, "while finishing compression");
goto error;
}
Reported by Cppcheck.
Line: 1315
CWE codes:
908
goto save;
}
} while (self->zst.avail_out == 0 || err == Z_NEED_DICT);
} while (err != Z_STREAM_END && ibuflen != 0);
save:
if (save_unconsumed_input(self, &data, err) < 0) {
Reported by Cppcheck.
Line: 1317
CWE codes:
908
} while (self->zst.avail_out == 0 || err == Z_NEED_DICT);
} while (err != Z_STREAM_END && ibuflen != 0);
save:
if (save_unconsumed_input(self, &data, err) < 0) {
goto abort;
}
Reported by Cppcheck.
Line: 1320
CWE codes:
908
} while (err != Z_STREAM_END && ibuflen != 0);
save:
if (save_unconsumed_input(self, &data, err) < 0) {
goto abort;
}
/* If at end of stream, clean up any memory allocated by zlib. */
if (err == Z_STREAM_END) {
Reported by Cppcheck.
Line: 825
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
new_data = PyBytes_FromStringAndSize(NULL, new_size);
if (new_data == NULL)
return -1;
memcpy(PyBytes_AS_STRING(new_data),
PyBytes_AS_STRING(self->unused_data), old_size);
memcpy(PyBytes_AS_STRING(new_data) + old_size,
self->zst.next_in, left_size);
Py_SETREF(self->unused_data, new_data);
self->zst.avail_in = 0;
Reported by FlawFinder.
Line: 827
Column: 13
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
return -1;
memcpy(PyBytes_AS_STRING(new_data),
PyBytes_AS_STRING(self->unused_data), old_size);
memcpy(PyBytes_AS_STRING(new_data) + old_size,
self->zst.next_in, left_size);
Py_SETREF(self->unused_data, new_data);
self->zst.avail_in = 0;
}
}
Reported by FlawFinder.