The following issues were found

Modules/_ctypes/callbacks.c
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 84 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

static void
PrintError(const char *msg, ...)
{
    char buf[512];
    PyObject *f = PySys_GetObject("stderr");
    va_list marker;

    va_start(marker, msg);
    PyOS_vsnprintf(buf, sizeof(buf), msg, marker);

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 202 Column: 13 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

                PrintError("unexpected result of create argument %zd:\n", i);
                goto Done;
            }
            memcpy(obj->b_ptr, *pArgs, dict->size);
            PyTuple_SET_ITEM(arglist, i, (PyObject *)obj);
#ifdef MS_WIN32
            TryAddRef(dict, obj);
#endif
        } else {

Reported by FlawFinder.
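
Both callbacks.c findings are pattern matches on a fixed-size destination. What a reviewer wants to confirm is, for the first, that the write is bounded and that truncation is at least detectable, and for the second, that the length taken from the type descriptor (dict->size) can never exceed the capacity of the object buffer it is copied into. The following is an added example, not CPython code: fmt_error shows the vsnprintf return-value check, and copy_into shows a memcpy guarded by a capacity carried next to the pointer (CPython's CDataObject has b_ptr and b_size fields; only those two are reproduced in the CData stand-in, and fmt_error, copy_into and the demo_* functions are this example's own names with constructed inputs).

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define ERRBUF 512

/* Formats msg into buf[cap] the way PrintError does with PyOS_vsnprintf.
 * vsnprintf never writes past cap bytes, but it truncates silently; it
 * returns the length the full message would have had, which is the
 * truncation signal.  Returns 1 if truncated, 0 if the message fit. */
static int fmt_error(char *buf, size_t cap, const char *msg, ...)
{
    va_list ap;
    va_start(ap, msg);
    int n = vsnprintf(buf, cap, msg, ap);
    va_end(ap);
    return n < 0 || (size_t)n >= cap;
}

/* Stand-in for the ctypes object the page's memcpy writes into: the buffer
 * pointer travels with its capacity (CPython's CDataObject carries b_ptr
 * and b_size; nothing else of it is reproduced here). */
typedef struct {
    unsigned char *b_ptr;
    size_t b_size;
} CData;

/* Replacement for a bare memcpy(obj->b_ptr, src, size): refuse a copy the
 * object cannot hold.  Returns 0 on success, -1 if it would overflow. */
static int copy_into(CData *obj, const void *src, size_t size)
{
    if (obj->b_ptr == NULL || size > obj->b_size) {
        return -1;
    }
    memcpy(obj->b_ptr, src, size);
    return 0;
}

/* Constructed checks (example inputs, not from the page). */
static int demo_message_fits(void)
{
    char buf[ERRBUF];
    return fmt_error(buf, sizeof buf, "unexpected result of create argument %d:\n", 3) == 0
        && strcmp(buf, "unexpected result of create argument 3:\n") == 0;
}

static int demo_message_truncated(void)
{
    char buf[8];    /* deliberately tiny to force truncation */
    return fmt_error(buf, sizeof buf, "%s", "0123456789") == 1
        && strcmp(buf, "0123456") == 0;   /* 7 chars + NUL, nothing written past buf */
}

static int demo_copy_checked(void)
{
    unsigned char storage[4];
    CData obj = { storage, sizeof storage };
    static const unsigned char four[4] = { 1, 2, 3, 4 };
    static const unsigned char eight[8] = { 9, 9, 9, 9, 9, 9, 9, 9 };
    return copy_into(&obj, four, sizeof four) == 0
        && storage[3] == 4
        && copy_into(&obj, eight, sizeof eight) == -1   /* 8 > 4: refused */
        && storage[3] == 4;                               /* storage untouched */
}
```

The value of the capacity check is that it turns a descriptor/allocation mismatch into a reported error rather than a heap write past the object; the truncation check matters less for a diagnostic message but is the habit that keeps `vsnprintf` from hiding a lost suffix.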

Modules/clinic/_cryptmodule.c.h
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 41 Column: 9 CWE codes: 126

    if (word == NULL) {
        goto exit;
    }
    if (strlen(word) != (size_t)word_length) {
        PyErr_SetString(PyExc_ValueError, "embedded null character");
        goto exit;
    }
    if (!PyUnicode_Check(args[1])) {
        _PyArg_BadArgument("crypt", "argument 2", "str", args[1]);


Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 54 Column: 9 CWE codes: 126

    if (salt == NULL) {
        goto exit;
    }
    if (strlen(salt) != (size_t)salt_length) {
        PyErr_SetString(PyExc_ValueError, "embedded null character");
        goto exit;
    }
    return_value = crypt_crypt_impl(module, word, salt);


Reported by FlawFinder.

Modules/cjkcodecs/multibytecodec.h
2 issues
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 27 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

 * getstate doesn't differ between little and big endian CPUs.
 */
typedef struct {
    unsigned char c[8];
} MultibyteCodec_State;

typedef int (*mbcodec_init)(const void *config);
typedef Py_ssize_t (*mbencode_func)(MultibyteCodec_State *state,
                        const void *config,


Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 90 Column: 14 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

#define MAXDECPENDING   8
#define _MultibyteStatefulDecoder_HEAD          \
    _MultibyteStatefulCodec_HEAD                \
    unsigned char pending[MAXDECPENDING];       \
    Py_ssize_t pendingsize;
typedef struct {
    _MultibyteStatefulDecoder_HEAD
} MultibyteStatefulDecoderContext;


Reported by FlawFinder.
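
A fixed array such as pending[MAXDECPENDING] is only as safe as the invariant on its companion counter: pendingsize must never exceed MAXDECPENDING, and every write that appends to pending must check that before copying. The block below is an added example, not CPython's decoder code: a cut-down context with just those two fields, an append that fails closed, and a take that drains the buffer. DecoderCtx, pending_append, pending_take and the constructed byte fragments are this example's own.

```c
#include <stddef.h>
#include <string.h>

#define MAXDECPENDING 8

/* Only the two fields the invariant is about; the real context has more. */
typedef struct {
    unsigned char pending[MAXDECPENDING];
    size_t pendingsize;        /* invariant: pendingsize <= MAXDECPENDING */
} DecoderCtx;

/* Append n bytes of an incomplete multibyte sequence.  Returns 0 on
 * success, -1 if they would not fit; the context is unchanged on failure.
 * The free space is computed by subtraction so the test cannot wrap. */
static int pending_append(DecoderCtx *ctx, const unsigned char *src, size_t n)
{
    if (n > MAXDECPENDING - ctx->pendingsize) {
        return -1;
    }
    memcpy(ctx->pending + ctx->pendingsize, src, n);
    ctx->pendingsize += n;
    return 0;
}

/* Copy the pending bytes out (to prefix the next input chunk) and clear. */
static size_t pending_take(DecoderCtx *ctx, unsigned char *out, size_t cap)
{
    size_t n = ctx->pendingsize < cap ? ctx->pendingsize : cap;
    memcpy(out, ctx->pending, n);
    ctx->pendingsize = 0;
    return n;
}

/* Constructed scenario: a 3-byte fragment arrives, then a 6-byte one that
 * must be refused because 3 + 6 > MAXDECPENDING, leaving the first intact. */
static int demo_overflow_refused(void)
{
    DecoderCtx ctx = { {0}, 0 };
    static const unsigned char frag1[3] = { 0x81, 0x40, 0x81 };
    static const unsigned char frag2[6] = { 1, 2, 3, 4, 5, 6 };
    if (pending_append(&ctx, frag1, sizeof frag1) != 0) return 0;
    if (pending_append(&ctx, frag2, sizeof frag2) != -1) return 0;   /* refused */
    if (ctx.pendingsize != 3) return 0;                               /* unchanged */
    unsigned char out[MAXDECPENDING];
    return pending_take(&ctx, out, sizeof out) == 3
        && out[2] == 0x81
        && ctx.pendingsize == 0;
}
```

The 8-byte c[8] state array flagged at line 27 is the same shape: it is safe exactly as long as every codec that serialises into it writes at most eight bytes, which is a property to check in the codec implementations rather than in the header.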

Lib/tkinter/__main__.py
2 issues
Attempted relative import beyond top-level package
Error

Line: 6 Column: 1

import sys
if sys.argv[0].endswith("__main__.py"):
    sys.argv[0] = "python -m tkinter"
from . import _test as main
main()


Reported by Pylint.

Import "from . import _test as main" should be placed at the top of the module
Error

Line: 6 Column: 1

import sys
if sys.argv[0].endswith("__main__.py"):
    sys.argv[0] = "python -m tkinter"
from . import _test as main
main()


Reported by Pylint.

Modules/cjkcodecs/clinic/multibytecodec.c.h
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 52 Column: 13 CWE codes: 126

        if (errors == NULL) {
            goto exit;
        }
        if (strlen(errors) != (size_t)errors_length) {
            PyErr_SetString(PyExc_ValueError, "embedded null character");
            goto exit;
        }
    }
    else {


Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 121 Column: 13 CWE codes: 126

        if (errors == NULL) {
            goto exit;
        }
        if (strlen(errors) != (size_t)errors_length) {
            PyErr_SetString(PyExc_ValueError, "embedded null character");
            goto exit;
        }
    }
    else {


Reported by FlawFinder.
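
The four strlen findings above (two in _cryptmodule.c.h, two in multibytecodec.c.h) are the same Argument Clinic idiom. The C pointer and its length both come from the Python str object, which is always NUL-terminated, so strlen cannot over-read there; comparing its result with the length Python reported is what catches a '\0' embedded in the string, which would otherwise silently shorten the value seen by crypt() or by the codec. The block below is an added example, not CPython code: it shows that check, plus the memchr-bounded variant to use when the buffer does not carry a termination guarantee. check_no_embedded_nul, bounded_len and the two sample strings are this example's own.

```c
#include <stddef.h>
#include <string.h>

/* For a string known to be NUL-terminated (as PyUnicode_AsUTF8AndSize
 * guarantees): 1 if no '\0' occurs within the declared length, else 0.
 * strlen stops at the first NUL, so a mismatch means one is embedded. */
static int check_no_embedded_nul(const char *s, size_t declared_len)
{
    return strlen(s) == declared_len;
}

/* For a buffer with no termination guarantee: never scan past cap bytes.
 * memchr is used instead of strnlen so the code stays strictly C89/C99. */
static size_t bounded_len(const char *s, size_t cap)
{
    const char *nul = memchr(s, '\0', cap);
    return nul ? (size_t)(nul - s) : cap;
}

/* Constructed inputs: a clean word and one with an embedded NUL. */
static const char CLEAN[]    = "hunter2";      /* declared length 7 */
static const char POISONED[] = "hun\0ter2";    /* declared length 8, NUL at index 3 */
```

A practitioner auditing one of these call sites checks where the length came from: if it is the object's own length, strlen is bounded by construction and the finding is noise; if it was supplied by the caller or read from the wire, use the bounded form.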

Modules/cjkcodecs/cjkcodecs.h
2 issues
strcpy - Does not check for buffer overflows when copying to destination [MS-banned]
Security

Line: 307 Column: 9 CWE codes: 120
Suggestion: Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused)

    for (h = mapping_list; h->charset[0] != '\0'; h++) {
        char mhname[256] = "__map_";
        strcpy(mhname + sizeof("__map_") - 1, h->charset);

        PyObject *capsule = PyCapsule_New((void *)h,
                                          PyMultibyteCodec_CAPSULE_NAME, NULL);
        if (capsule == NULL) {
            return -1;


Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 306 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

    const struct dbcs_map *h;

    for (h = mapping_list; h->charset[0] != '\0'; h++) {
        char mhname[256] = "__map_";
        strcpy(mhname + sizeof("__map_") - 1, h->charset);

        PyObject *capsule = PyCapsule_New((void *)h,
                                          PyMultibyteCodec_CAPSULE_NAME, NULL);
        if (capsule == NULL) {


Reported by FlawFinder.
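
Here the strcpy source is a charset name from a compiled-in table, not attacker input, so the practical question is the one FlawFinder's suggestion states: is 256 bytes provably larger than the longest name the table can contain, and will that stay true when someone adds an entry. The block below is an added example, not CPython code: it walks a table to find the longest name, checks that bound against the buffer, and replaces the strcpy with a bounded build that fails closed. The dbcs_map here is a stand-in with only the charset field, the table contents are constructed, and longest_charset, table_fits and build_map_name are this example's own names.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in: the real struct has more fields; only the name is needed here. */
struct dbcs_map { const char *charset; };

#define PREFIX "__map_"
#define MHNAME_CAP 256

/* Constructed table, terminated like the page's by an empty charset. */
static const struct dbcs_map mapping_list[] = {
    { "gb2312" }, { "cp949" }, { "jisx0213_2004" }, { "" },
};

/* Longest charset name in a table: the bound the fixed buffer relies on. */
static size_t longest_charset(const struct dbcs_map *tab)
{
    size_t max = 0;
    for (const struct dbcs_map *h = tab; h->charset[0] != '\0'; h++) {
        size_t n = strlen(h->charset);
        if (n > max) max = n;
    }
    return max;
}

/* 1 if every "__map_<charset>" plus its NUL fits in MHNAME_CAP.  A check
 * like this belongs at module init (or in a unit test) so a new table
 * entry that is too long fails loudly instead of overflowing. */
static int table_fits(const struct dbcs_map *tab)
{
    return sizeof(PREFIX) - 1 + longest_charset(tab) + 1 <= MHNAME_CAP;
}

/* Bounded replacement for strcpy(mhname + sizeof("__map_") - 1, charset).
 * Returns 0 on success; -1 and an empty string if the name would not fit. */
static int build_map_name(char out[MHNAME_CAP], const char *charset)
{
    int n = snprintf(out, MHNAME_CAP, PREFIX "%s", charset);
    if (n < 0 || (size_t)n >= MHNAME_CAP) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed: a 300-character name must be refused, not truncated. */
static int demo_oversized_rejected(void)
{
    char big[301];
    memset(big, 'a', 300);
    big[300] = '\0';
    char name[MHNAME_CAP];
    return build_map_name(name, big) == -1 && name[0] == '\0';
}
```

Refusing rather than truncating matters because a truncated "__map_..." name would be registered under the wrong key, which is a correctness bug even where it is not a memory-safety one.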

Lib/test/xmltests.py
2 issues
Missing module docstring
Error

Line: 1 Column: 1

# Convenience test module to run all of the XML-related tests in the
# standard library.

import sys
import test.support

test.support.verbose = 0

def runtest(name):


Reported by Pylint.

Missing function or method docstring
Error

Line: 9 Column: 1

test.support.verbose = 0

def runtest(name):
    __import__(name)
    module = sys.modules[name]
    if hasattr(module, "test_main"):
        module.test_main()


Reported by Pylint.

Modules/_cryptmodule.c
2 issues
crypt_r - The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment
Security

Line: 44 Column: 20 CWE codes: 327
Suggestion: Use a different algorithm, such as SHA-256, with a larger, non-repeating salt

#ifdef HAVE_CRYPT_R
    struct crypt_data data;
    memset(&data, 0, sizeof(data));
    crypt_result = crypt_r(word, salt, &data);
#else
    crypt_result = crypt(word, salt);
#endif
    if (crypt_result == NULL) {
        return PyErr_SetFromErrno(PyExc_OSError);


Reported by FlawFinder.

crypt - The crypt functions use a poor one-way hashing algorithm; since they only accept passwords of 8 characters or fewer and only a two-byte salt, they are excessively vulnerable to dictionary attacks given today's faster computing equipment
Security

Line: 46 Column: 20 CWE codes: 327
Suggestion: Use a different algorithm, such as SHA-256, with a larger, non-repeating salt

    memset(&data, 0, sizeof(data));
    crypt_result = crypt_r(word, salt, &data);
#else
    crypt_result = crypt(word, salt);
#endif
    if (crypt_result == NULL) {
        return PyErr_SetFromErrno(PyExc_OSError);
    }
    return Py_BuildValue("s", crypt_result);


Reported by FlawFinder.
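
The weakness FlawFinder describes (passwords cut at 8 characters, a 2-byte salt) is the traditional DES crypt(3). The same crypt()/crypt_r() entry point selects a different algorithm from the salt prefix: "$5$" (SHA-256) and "$6$" (SHA-512) on glibc and libxcrypt, "$2b$" (bcrypt) on libxcrypt. The extension module passes the caller's salt through unchanged, so the algorithm is chosen by whoever builds the salt, and the useful check is to refuse legacy prefixes before the call. (Python's own crypt module was deprecated in 3.11 and removed in 3.13.) The block below is an added example, not CPython code: crypt_method, crypt_method_t and salt_acceptable are this example's names, and the policy in salt_acceptable is an assumption to adapt.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

typedef enum {
    CRYPT_DES,      /* two-character salt: 56-bit DES, password truncated at 8 */
    CRYPT_MD5,      /* "$1$" */
    CRYPT_BCRYPT,   /* "$2a$", "$2b$", "$2y$" */
    CRYPT_SHA256,   /* "$5$" */
    CRYPT_SHA512,   /* "$6$" */
    CRYPT_UNKNOWN
} crypt_method_t;

/* Traditional salts use the crypt(3) alphabet [a-zA-Z0-9./]. */
static int is_salt_char(int c)
{
    return isalnum(c) || c == '.' || c == '/';
}

/* Classify a salt (or a full hash string, which starts with its salt)
 * by the prefix crypt_r() would dispatch on. */
static crypt_method_t crypt_method(const char *salt)
{
    if (salt == NULL) return CRYPT_UNKNOWN;
    if (salt[0] != '$') {
        /* No "$id$" prefix: DES if the first two chars are valid salt chars;
         * crypt(3) ignores anything after them for this method. */
        if (strlen(salt) >= 2
            && is_salt_char((unsigned char)salt[0])
            && is_salt_char((unsigned char)salt[1])) {
            return CRYPT_DES;
        }
        return CRYPT_UNKNOWN;
    }
    if (strncmp(salt, "$1$", 3) == 0) return CRYPT_MD5;
    if (strncmp(salt, "$5$", 3) == 0) return CRYPT_SHA256;
    if (strncmp(salt, "$6$", 3) == 0) return CRYPT_SHA512;
    if (strncmp(salt, "$2a$", 4) == 0 || strncmp(salt, "$2b$", 4) == 0
        || strncmp(salt, "$2y$", 4) == 0) {
        return CRYPT_BCRYPT;
    }
    return CRYPT_UNKNOWN;
}

/* Assumed policy: only bcrypt and the SHA-crypt family may be used for new
 * hashes; DES, MD5 and anything unrecognised are refused before crypt_r(). */
static int salt_acceptable(const char *salt)
{
    crypt_method_t m = crypt_method(salt);
    return m == CRYPT_BCRYPT || m == CRYPT_SHA256 || m == CRYPT_SHA512;
}
```

Verifying an existing hash is a different case: there the stored string's own prefix must be honoured, so the classifier is useful for reporting which accounts still carry DES or MD5 hashes rather than for rejecting them outright.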

Python/ast_opt.c
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 31 Column: 30 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

    return 1;
}

#define COPY_NODE(TO, FROM) (memcpy((TO), (FROM), sizeof(struct _expr)))

static int
has_starred(asdl_expr_seq *elts)
{
    Py_ssize_t n = asdl_seq_LEN(elts);


Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 363 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

        return NULL;
    }
    if (spec == 's' || spec == 'r' || spec == 'a') {
        char buf[1 + MAXDIGITS + 1 + MAXDIGITS + 1], *p = buf;
        if (!(flags & F_LJUST) && width > 0) {
            *p++ = '>';
        }
        if (width >= 0) {
            p += snprintf(p, MAXDIGITS + 1, "%d", width);


Reported by FlawFinder.
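
COPY_NODE copies sizeof(struct _expr) between two expression nodes of that same type, so the memcpy finding is a pattern match with no length mismatch to check. The second finding is more interesting: buf is sized for the worst case of ">" plus MAXDIGITS width digits, ".", MAXDIGITS precision digits and a NUL, and each snprintf is capped at MAXDIGITS + 1. The detail to audit in any code of this shape is `p += snprintf(...)`: snprintf returns the length the field would have had, not the bytes written, so the idiom is only safe when the value can never exceed the cap (which the range checks earlier in that function are there to guarantee). The block below is an added example, not CPython code, that builds the same spec string but range-checks each field and fails closed instead of trusting the cap; MAXDIGITS = 3, F_LJUST, format_spec and spec_equals are this example's own definitions.

```c
#include <stdio.h>
#include <string.h>

#define MAXDIGITS 3          /* assumed limit on width/precision digits */
#define MAXVAL 999           /* largest value with MAXDIGITS decimal digits */
#define F_LJUST 0x1          /* stand-in for the '-' flag */

/* '>' + width + '.' + precision + NUL: the same worst case as the page's buf. */
enum { SPEC_CAP = 1 + MAXDIGITS + 1 + MAXDIGITS + 1 };

/* Build the spec for a %s / %r / %a conversion into out[SPEC_CAP].
 * width/prec < 0 mean "not given".  Returns the spec length, or -1 if a
 * field is out of range (out is then an empty string). */
static int format_spec(char out[SPEC_CAP], int flags, int width, int prec)
{
    if (width > MAXVAL || prec > MAXVAL) {
        out[0] = '\0';
        return -1;           /* refuse: never let p advance past a truncated field */
    }
    char *p = out;
    if (!(flags & F_LJUST) && width > 0) {
        *p++ = '>';
    }
    if (width >= 0) {
        int n = snprintf(p, MAXDIGITS + 1, "%d", width);
        if (n < 0 || n > MAXDIGITS) {   /* unreachable after the range check; kept as a guard */
            out[0] = '\0';
            return -1;
        }
        p += n;
    }
    if (prec >= 0) {
        *p++ = '.';
        int n = snprintf(p, MAXDIGITS + 1, "%d", prec);
        if (n < 0 || n > MAXDIGITS) {
            out[0] = '\0';
            return -1;
        }
        p += n;
    }
    *p = '\0';
    return (int)(p - out);
}

/* Constructed check helper: build a spec and compare with the expected text. */
static int spec_equals(int flags, int width, int prec, const char *expect)
{
    char spec[SPEC_CAP];
    int n = format_spec(spec, flags, width, prec);
    return n == (int)strlen(expect) && strcmp(spec, expect) == 0;
}
```

With width and precision both at their maximum the spec is exactly SPEC_CAP - 1 characters, which is the arithmetic the buffer declaration encodes; the range check is what makes that arithmetic an invariant rather than a hope.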

Python/bootstrap_hash.c
2 issues
Uninitialized variable: res
Error

Line: 230 CWE codes: 908

            res = getentropy(buffer, len);
        }

        if (res < 0) {
            /* ENOSYS: the syscall is not supported by the running kernel.
               EPERM: the syscall is blocked by a security policy (ex: SECCOMP)
               or something else. */
            if (errno == ENOSYS || errno == EPERM) {
                getentropy_works = 0;


Reported by Cppcheck.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 378 Column: 21 CWE codes: 120 20

        while (0 < size)
        {
            do {
                n = read(fd, buffer, (size_t)size);
            } while (n < 0 && errno == EINTR);

            if (n <= 0) {
                /* stop on error or if read(size) returned 0 */
                close(fd);


Reported by FlawFinder.
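
Two separate points are raised for bootstrap_hash.c. Cppcheck's "uninitialized res" is about a variable whose assignment sits under a condition: the safe shape is to initialise it before the branch so the later `res < 0` test never reads an indeterminate value. FlawFinder's read-in-a-loop note is about the contract of read(2): it may return fewer bytes than requested, 0 at end of file, or -1 with EINTR, so a loop that fills a buffer must retry EINTR, stop on 0 or error, and advance the pointer and shrink the remaining size by exactly what was read, which is what keeps every call bounded by the space still free. The block below is an added example, not CPython code. read_full implements that loop over a reader callback so it can run without a real descriptor; fake_read is a constructed stand-in that serves partial reads and one EINTR; entropy_status shows the initialisation pattern. All names are this example's own.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

/* Same shape as read(2): bytes read, 0 at EOF, -1 with errno on error. */
typedef ssize_t (*reader_fn)(void *ctx, void *buf, size_t n);

/* Fill buffer[0..size) completely.  Returns 0 on success, -1 on error or
 * premature EOF (errno is the reader's on error, 0 on EOF). */
static int read_full(reader_fn rd, void *ctx, unsigned char *buffer, size_t size)
{
    while (0 < size) {
        ssize_t n;
        do {
            n = rd(ctx, buffer, size);        /* asks only for what is still free */
        } while (n < 0 && errno == EINTR);    /* retry interrupted reads */
        if (n <= 0) {
            if (n == 0) errno = 0;            /* EOF before the buffer was full */
            return -1;
        }
        buffer += n;                          /* advance by what was actually read */
        size -= (size_t)n;
    }
    return 0;
}

/* Constructed fake descriptor: serves `avail` bytes, at most `chunk` per
 * call, and fails the first `eintr_left` calls with EINTR. */
typedef struct {
    const unsigned char *src;
    size_t avail;
    size_t chunk;
    int eintr_left;
} fake_fd;

static ssize_t fake_read(void *ctx, void *buf, size_t n)
{
    fake_fd *f = ctx;
    if (f->eintr_left > 0) {
        f->eintr_left--;
        errno = EINTR;
        return -1;
    }
    if (f->avail == 0) return 0;             /* EOF */
    if (n > f->chunk) n = f->chunk;
    if (n > f->avail) n = f->avail;
    memcpy(buf, f->src, n);
    f->src += n;
    f->avail -= n;
    return (ssize_t)n;
}

/* The Cppcheck point: initialise before the conditional call, so a skipped
 * call reads as failure instead of as whatever was on the stack. */
static int entropy_status(int getentropy_works, int call_result)
{
    int res = -1;
    if (getentropy_works) {
        res = call_result;                    /* stands in for getentropy(buffer, len) */
    }
    return res;
}

#define SAMPLE_LEN 16
static const unsigned char SAMPLE[SAMPLE_LEN + 1] = "0123456789abcdef";   /* constructed */

/* 16 bytes delivered in 5-byte chunks after one EINTR: must arrive bit-exact. */
static int demo_partial_reads(void)
{
    unsigned char out[SAMPLE_LEN];
    fake_fd f = { SAMPLE, SAMPLE_LEN, 5, 1 };
    return read_full(fake_read, &f, out, sizeof out) == 0
        && memcmp(out, SAMPLE, sizeof out) == 0;
}

/* Source shorter than the request: the loop must report failure, not spin
 * or read past what it was given. */
static int demo_short_source(void)
{
    unsigned char out[SAMPLE_LEN];
    fake_fd f = { SAMPLE, 10, 5, 0 };
    return read_full(fake_read, &f, out, sizeof out) == -1 && errno == 0;
}
```

For an entropy source the short-read case is the one that matters: returning a half-filled buffer as if it were random would be a silent failure, so the loop's error path, not just its bounds, is part of the security property.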