The following issues were found
PCbuild/urlretrieve.py
5 issues
Line: 39
Suggestion:
https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b310-urllib-urlopen
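# Usage: urlretrieve.py URL FILENAME.  Check the argument count up front so a
# missing argument yields a usage message rather than an IndexError traceback.
if len(sys.argv) < 3:
    sys.exit("usage: {} URL FILENAME".format(sys.argv[0]))
URL = sys.argv[1]
FILENAME = sys.argv[2]
# Bandit B310: urllib's urlretrieve()/urlopen() also accept file:// and custom
# schemes, so only hand an http(s) URL to whichever downloader was selected.
if not URL.lower().startswith(("http://", "https://")):
    sys.exit("refusing to download from non-http(s) URL: " + URL)
print("Downloading from", URL, "to", FILENAME, "using", USING)
urlretrieve(URL, FILENAME)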
Reported by Bandit.
Line: 1
Column: 1
# Simple Python script to download a file. Used as a fallback
# when other more reliable methods fail.
#
from __future__ import print_function
import sys
try:
from requests import get
except ImportError:
Reported by Pylint.
Line: 24
Column: 5
else:
USING = "requests.get"
def urlretrieve(url, filename):
r = get(url, stream=True)
r.raise_for_status()
with open(filename, 'wb') as f:
for chunk in r.iter_content(chunk_size=1024):
f.write(chunk)
Reported by Pylint.
Line: 25
Column: 9
USING = "requests.get"  # shown in the "Downloading from ... using" startup message
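def urlretrieve(url, filename):
    """Download *url* to *filename* with ``requests.get``, streaming 1 KiB chunks.

    Args:
        url: Address to fetch.
        filename: Local path the body is written to (opened with ``'wb'``,
            so an existing file is truncated).

    Returns:
        ``filename``, mirroring the first element of
        ``urllib.request.urlretrieve``'s result.

    Raises:
        requests.HTTPError: from ``raise_for_status()`` on an error status;
            this happens before *filename* is opened, so nothing is written.
    """
    # NOTE(review): no timeout is passed, so a stalled server blocks forever;
    # the fallback urllib branch has the same signature, so keep it in sync
    # if one is added.
    # Use the response as a context manager so the streamed connection is
    # released on every exit path instead of waiting for garbage collection.
    with get(url, stream=True) as r:
        r.raise_for_status()
        with open(filename, 'wb') as f:
            for chunk in r.iter_content(chunk_size=1024):
                f.write(chunk)
    return filename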
Reported by Pylint.
Line: 27
Column: 38
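def urlretrieve(url, filename):
    """Download *url* to *filename* with ``requests.get``, streaming 1 KiB chunks.

    Args:
        url: Address to fetch.
        filename: Local path the body is written to (opened with ``'wb'``,
            so an existing file is truncated).

    Returns:
        ``filename``, mirroring the first element of
        ``urllib.request.urlretrieve``'s result.

    Raises:
        requests.HTTPError: from ``raise_for_status()`` on an error status;
            this happens before *filename* is opened, so nothing is written.
    """
    # NOTE(review): no timeout is passed, so a stalled server blocks forever;
    # the fallback urllib branch has the same signature, so keep it in sync
    # if one is added.
    # Use the response as a context manager so the streamed connection is
    # released on every exit path instead of waiting for garbage collection.
    with get(url, stream=True) as r:
        r.raise_for_status()
        with open(filename, 'wb') as f:
            for chunk in r.iter_content(chunk_size=1024):
                f.write(chunk)
    return filename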
if __name__ == '__main__':
Reported by Pylint.
Parser/string_parser.c
5 issues
Line: 80
Column: 17
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (*s == '\\') {
*p++ = *s++;
if (s >= end || *s & 0x80) {
strcpy(p, "u005c");
p += 5;
if (s >= end) {
break;
}
}
Reported by FlawFinder.
Line: 103
Column: 17
CWE codes:
120
Suggestion:
Use sprintf_s, snprintf, or vsnprintf
w_len = PyUnicode_GET_LENGTH(w);
for (i = 0; i < w_len; i++) {
Py_UCS4 chr = PyUnicode_READ(kind, data, i);
sprintf(p, "\\U%08x", chr);
p += 10;
}
/* Should be impossible to overflow */
assert(p - buf <= PyBytes_GET_SIZE(u));
Py_DECREF(w);
Reported by FlawFinder.
Line: 376
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// The call to fstring_find_expr_location is responsible for finding the column offset
// the generated AST nodes need to be shifted to the right, which is equal to the number
// of the f-string characters before the expression starts.
memcpy(str+1, expr_start, len);
int lines, cols;
if (!fstring_find_expr_location(t, expr_start-1, str+1, &lines, &cols)) {
PyMem_Free(str);
return NULL;
}
Reported by FlawFinder.
Line: 547
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
/* Keep track of nesting level for braces/parens/brackets in
expressions. */
Py_ssize_t nested_depth = 0;
char parenstack[MAXLEVEL];
*expr_text = NULL;
/* Can only nest one level deep. */
if (recurse_lvl >= 2) {
Reported by FlawFinder.
Line: 212
Column: 11
CWE codes:
126
}
/* Skip the leading quote char. */
s++;
len = strlen(s);
if (len > INT_MAX) {
PyErr_SetString(PyExc_OverflowError, "string to parse is too long");
return -1;
}
if (s[--len] != quote) {
Reported by FlawFinder.
Python/codecs.c
5 issues
Line: 1016
Column: 17
CWE codes:
120
Suggestion:
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)
if (ucnhash_capi->getname(c, buffer, sizeof(buffer), 1)) {
*outp++ = 'N';
*outp++ = '{';
strcpy((char *)outp, buffer);
outp += strlen(buffer);
*outp++ = '}';
continue;
}
if (c >= 0x00010000) {
Reported by FlawFinder.
Line: 972
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
Py_ssize_t ressize;
int replsize;
Py_UCS4 c;
char buffer[256]; /* NAME_MAXLEN */
if (PyUnicodeEncodeError_GetStart(exc, &start))
return NULL;
if (PyUnicodeEncodeError_GetEnd(exc, &end))
return NULL;
if (!(object = PyUnicodeEncodeError_GetObject(exc)))
Reported by FlawFinder.
Line: 86
Column: 18
CWE codes:
126
static
PyObject *normalizestring(const char *string)
{
size_t len = strlen(string);
char *encoding;
PyObject *v;
if (len > PY_SSIZE_T_MAX) {
PyErr_SetString(PyExc_OverflowError, "string is too large");
Reported by FlawFinder.
Line: 991
Column: 39
CWE codes:
126
/* object is guaranteed to be "ready" */
c = PyUnicode_READ_CHAR(object, i);
if (ucnhash_capi->getname(c, buffer, sizeof(buffer), 1)) {
replsize = 1+1+1+(int)strlen(buffer)+1;
}
else if (c >= 0x10000) {
replsize = 1+1+8;
}
else if (c >= 0x100) {
Reported by FlawFinder.
Line: 1017
Column: 25
CWE codes:
126
*outp++ = 'N';
*outp++ = '{';
strcpy((char *)outp, buffer);
outp += strlen(buffer);
*outp++ = '}';
continue;
}
if (c >= 0x00010000) {
*outp++ = 'U';
Reported by FlawFinder.
Python/dynload_win.c
5 issues
Line: 278
import_python);
Py_BEGIN_ALLOW_THREADS
FreeLibrary(hDLL);
Py_END_ALLOW_THREADS
return NULL;
}
}
Py_BEGIN_ALLOW_THREADS
p = GetProcAddress(hDLL, funcname);
Reported by Cppcheck.
Line: 168
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
PyObject *pathname, FILE *fp)
{
dl_funcptr p;
char funcname[258], *import_python;
_Py_CheckPython3();
#if USE_UNICODE_WCHAR_CACHE
const wchar_t *wpathname = _PyUnicode_AsUnicode(pathname);
Reported by FlawFinder.
Line: 210
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
unsigned int errorCode;
/* Get an error string from Win32 error code */
wchar_t theInfo[256]; /* Pointer to error text
from system */
int theLength; /* Length of error text */
errorCode = GetLastError();
Reported by FlawFinder.
Line: 259
Column: 13
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
}
return NULL;
} else {
char buffer[256];
PyOS_snprintf(buffer, sizeof(buffer),
#ifdef _DEBUG
"python%d%d_d.dll",
#else
Reported by FlawFinder.
Line: 122
Column: 17
CWE codes:
126
import_off);
while (DWORD_AT(import_data)) {
import_name = dllbase + DWORD_AT(import_data+12);
if (strlen(import_name) >= 6 &&
!strncmp(import_name,"python",6)) {
char *pch;
#ifndef _DEBUG
/* In a release version, don't claim that python3.dll is
Reported by FlawFinder.
Python/import.c
5 issues
Line: 2087
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
union {
uint64_t x;
char data[sizeof(uint64_t)];
} hash;
hash.x = _Py_KeyedHash((uint64_t)key, source->buf, source->len);
#if !PY_LITTLE_ENDIAN
// Force to little-endian. There really ought to be a succinct standard way
// to do this.
Reported by FlawFinder.
Line: 2253
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
/* Copy the tables into the new memory at the first call
to PyImport_ExtendInittab(). */
if (inittab_copy != PyImport_Inittab) {
memcpy(p, PyImport_Inittab, (i+1) * sizeof(struct _inittab));
}
memcpy(p + i, newtab, (n + 1) * sizeof(struct _inittab));
PyImport_Inittab = inittab_copy = p;
done:
Reported by FlawFinder.
Line: 2255
Column: 5
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
if (inittab_copy != PyImport_Inittab) {
memcpy(p, PyImport_Inittab, (i+1) * sizeof(struct _inittab));
}
memcpy(p + i, newtab, (n + 1) * sizeof(struct _inittab));
PyImport_Inittab = inittab_copy = p;
done:
PyMem_SetAllocator(PYMEM_DOMAIN_RAW, &old_alloc);
return res;
Reported by FlawFinder.
Line: 1340
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
goto error;
}
else if (spec != NULL && spec != Py_None) {
int equal;
PyObject *parent = _PyObject_GetAttrId(spec, &PyId_parent);
if (parent == NULL) {
goto error;
}
Reported by FlawFinder.
Line: 1348
Column: 17
CWE codes:
126
Suggestion:
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it
equal = PyObject_RichCompareBool(package, parent, Py_EQ);
Py_DECREF(parent);
if (equal < 0) {
goto error;
}
else if (equal == 0) {
if (PyErr_WarnEx(PyExc_ImportWarning,
"__package__ != __spec__.parent", 1) < 0) {
Reported by FlawFinder.
Python/sysmodule.c
5 issues
Line: 931
Column: 18
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
static int
trace_init(void)
{
static const char * const whatnames[8] = {
"call", "exception", "line", "return",
"c_call", "c_exception", "c_return",
"opcode"
};
PyObject *name;
Reported by FlawFinder.
Line: 1503
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
OSVERSIONINFOEXW ver;
DWORD realMajor, realMinor, realBuild;
HANDLE hKernel32;
wchar_t kernel32_path[MAX_PATH];
LPVOID verblock;
DWORD verblock_size;
ver.dwOSVersionInfoSize = sizeof(ver);
if (!GetVersionExW((OSVERSIONINFOW*) &ver))
Reported by FlawFinder.
Line: 3270
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
{
PyObject *file;
PyObject *error_type, *error_value, *error_traceback;
char buffer[1001];
int written;
PyThreadState *tstate = _PyThreadState_GET();
_PyErr_Fetch(tstate, &error_type, &error_value, &error_traceback);
file = sys_get_object_id(tstate, key);
Reported by FlawFinder.
Line: 537
Column: 26
CWE codes:
126
assert(!_PyErr_Occurred(tstate));
char *envar = Py_GETENV("PYTHONBREAKPOINT");
if (envar == NULL || strlen(envar) == 0) {
envar = "pdb.set_trace";
}
else if (!strcmp(envar, "0")) {
/* The breakpoint is explicitly no-op'd. */
Py_RETURN_NONE;
Reported by FlawFinder.
Line: 3106
Column: 24
CWE codes:
126
for (i = 0; ; i++) {
p = wcschr(path, delim);
if (p == NULL)
p = path + wcslen(path); /* End of string */
w = PyUnicode_FromWideChar(path, (Py_ssize_t)(p - path));
if (w == NULL) {
Py_DECREF(v);
return NULL;
}
Reported by FlawFinder.
Lib/test/test_unpack_ex.py
5 issues
Line: 1
Column: 1
# Tests for extended unpacking, starred expressions.
doctests = """
Unpack tuple
>>> t = (1, 2, 3)
>>> a, *b, c = t
>>> a == 1 and b == [2] and c == 3
Reported by Pylint.
Line: 3
Column: 1
# Tests for extended unpacking, starred expressions.
doctests = """
Unpack tuple
>>> t = (1, 2, 3)
>>> a, *b, c = t
>>> a == 1 and b == [2] and c == 3
Reported by Pylint.
Line: 395
Column: 1
# Register the module-level doctest text under the name doctest's finder reads.
__test__ = {"doctests": doctests}
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack_ex
    support.run_doctest(test_unpack_ex, verbose)
if __name__ == "__main__":
Reported by Pylint.
Line: 396
Column: 5
# Register the module-level doctest text under the name doctest's finder reads.
__test__ = {"doctests": doctests}
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack_ex
    support.run_doctest(test_unpack_ex, verbose)
if __name__ == "__main__":
    # Verbose doctest output when the file is executed as a script.
    test_main(verbose=True)
Reported by Pylint.
Line: 397
Column: 5
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack_ex
    support.run_doctest(test_unpack_ex, verbose)
if __name__ == "__main__":
    # Verbose doctest output when the file is executed as a script.
    test_main(verbose=True)
Reported by Pylint.
Lib/test/test_unpack.py
5 issues
Line: 1
Column: 1
doctests = """
Unpack tuple
>>> t = (1, 2, 3)
>>> a, b, c = t
>>> a == 1 and b == 2 and c == 3
True
Reported by Pylint.
Line: 1
Column: 1
doctests = """
Unpack tuple
>>> t = (1, 2, 3)
>>> a, b, c = t
>>> a == 1 and b == 2 and c == 3
True
Reported by Pylint.
Line: 145
Column: 1
# Register the module-level doctest text under the name doctest's finder reads.
__test__ = {"doctests": doctests}
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack
    support.run_doctest(test_unpack, verbose)
if __name__ == "__main__":
Reported by Pylint.
Line: 146
Column: 5
# Register the module-level doctest text under the name doctest's finder reads.
__test__ = {"doctests": doctests}
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack
    support.run_doctest(test_unpack, verbose)
if __name__ == "__main__":
    # Verbose doctest output when the file is executed as a script.
    test_main(verbose=True)
Reported by Pylint.
Line: 147
Column: 5
def test_main(verbose=False):
    """Run this module's doctests through ``test.support.run_doctest``."""
    from test import support, test_unpack
    support.run_doctest(test_unpack, verbose)
if __name__ == "__main__":
    # Verbose doctest output when the file is executed as a script.
    test_main(verbose=True)
Reported by Pylint.
Tools/c-analyzer/c_parser/source.py
5 issues
Line: 31
Column: 13
yield filename
except Exception:
if not os.path.exists(filename):
raise FileNotFoundError(f'file not found: (unknown)')
raise # re-raise
def _looks_like_filename(value):
if not isinstance(value, str):
Reported by Pylint.
Line: 1
Column: 1
import contextlib
import os.path
def resolve(source, filename):
if _looks_like_filename(source):
return _resolve_filename(source, filename)
if isinstance(source, str):
Reported by Pylint.
Line: 5
Column: 1
import os.path
def resolve(source, filename):
if _looks_like_filename(source):
return _resolve_filename(source, filename)
if isinstance(source, str):
source = source.splitlines()
Reported by Pylint.
Line: 23
Column: 1
@contextlib.contextmanager
def good_file(filename, alt=None):
if not _looks_like_filename(filename):
raise ValueError(f'expected a filename, got (unknown)')
filename, _ = _resolve_filename(filename, alt)
try:
yield filename
Reported by Pylint.
Line: 58
Column: 1
@contextlib.contextmanager
def opened(source, filename=None):
source, filename = resolve(source, filename)
if isinstance(source, str):
with open(source) as srcfile:
yield srcfile, filename
else:
Reported by Pylint.
Lib/test/test_tools/test_sundry.py
5 issues
Line: 17
Column: 1
skip_if_missing()
class TestSundryScripts(unittest.TestCase):
# At least make sure the rest don't have syntax errors. When tests are
# added for a script it should be added to the allowlist below.
# scripts that have independent tests.
allowlist = ['reindent', 'pdeps', 'gprof2html', 'md5sum']
Reported by Pylint.
Line: 32
Column: 5
# Script names test_sundry() leaves alone (checked via `name in self.skiplist`):
# the deny/allow lists plus the Windows-only and "other" groups.
skiplist = denylist + allowlist + windows_only + other
def test_sundry(self):
old_modules = import_helper.modules_setup()
try:
for fn in os.listdir(scriptsdir):
if not fn.endswith('.py'):
continue
Reported by Pylint.
Line: 35
Column: 17
def test_sundry(self):
old_modules = import_helper.modules_setup()
try:
for fn in os.listdir(scriptsdir):
if not fn.endswith('.py'):
continue
name = fn[:-3]
if name in self.skiplist:
Reported by Pylint.
Line: 49
Column: 5
import_helper.modules_cleanup(*old_modules)
@unittest.skipIf(sys.platform != "win32", "Windows-only test")
def test_sundry_windows(self):
    """Import every script listed in ``windows_only``; an exception fails the test."""
    for script in self.windows_only:
        import_tool(script)
def test_analyze_dxp_import(self):
if hasattr(sys, 'getdxp'):
Reported by Pylint.
Line: 53
Column: 5
for name in self.windows_only:
import_tool(name)
def test_analyze_dxp_import(self):
    """analyze_dxp imports only when ``sys.getdxp`` exists; otherwise it raises RuntimeError."""
    if hasattr(sys, 'getdxp'):
        import_tool('analyze_dxp')
        return
    with self.assertRaises(RuntimeError):
        import_tool('analyze_dxp')
Reported by Pylint.