The following issues were found
Meta/serenity_gdb.py
113 issues
Line: 5
Column: 1
#
# SPDX-License-Identifier: BSD-2-Clause
import gdb
import gdb.types
import re
def handler_class_for_type(type, re=re.compile('^([^<]+)(<.*>)?$')):
Reported by Pylint.
Line: 6
Column: 1
# SPDX-License-Identifier: BSD-2-Clause
import gdb
import gdb.types
import re
def handler_class_for_type(type, re=re.compile('^([^<]+)(<.*>)?$')):
typename = str(type.tag)
Reported by Pylint.
Line: 10
Column: 28
import re
def handler_class_for_type(type, re=re.compile('^([^<]+)(<.*>)?$')):
typename = str(type.tag)
match = re.match(typename)
if not match:
return None
Reported by Pylint.
Line: 10
Column: 34
import re
def handler_class_for_type(type, re=re.compile('^([^<]+)(<.*>)?$')):
typename = str(type.tag)
match = re.match(typename)
if not match:
return None
Reported by Pylint.
Line: 53
Column: 31
class UnhandledType:
@classmethod
def prettyprint_type(cls, type):
return type.name
class AKAtomic:
def __init__(self, val):
Reported by Pylint.
Line: 65
Column: 31
return self.val["m_value"]
@classmethod
def prettyprint_type(cls, type):
contained_type = type.template_argument(0)
return f'AK::Atomic<{handler_class_for_type(contained_type).prettyprint_type(contained_type)}>'
class AKDistinctNumeric:
Reported by Pylint.
Line: 78
Column: 31
return self.val["m_value"]
@classmethod
def prettyprint_type(cls, type):
actual_name = type.template_argument(1)
parts = actual_name.name.split("::")
unqualified_name = re.sub(r'__(\w+)_tag', r'\1', actual_name.name)
if unqualified_name != actual_name.name:
qualified_name = '::'.join(parts[:-2] + [unqualified_name])
Reported by Pylint.
Line: 98
Column: 31
return self.val["m_ref_count"]
@classmethod
def prettyprint_type(cls, type):
contained_type = type.template_argument(0)
return f'AK::RefCounted<{handler_class_for_type(contained_type).prettyprint_type(contained_type)}>'
class AKString:
Reported by Pylint.
Line: 115
Column: 31
return AKStringImpl(impl).to_string()
@classmethod
def prettyprint_type(cls, type):
return 'AK::String'
class AKStringView:
def __init__(self, val):
Reported by Pylint.
Line: 115
Column: 31
return AKStringImpl(impl).to_string()
@classmethod
def prettyprint_type(cls, type):
return 'AK::String'
class AKStringView:
def __init__(self, val):
Reported by Pylint.
Meta/generate-libwasm-spec-test.py
66 issues
Line: 103
Column: 5
def generate(ast):
global named_modules, named_modules_inverse, registered_modules
if type(ast) != list:
return []
tests = []
for entry in ast:
Reported by Pylint.
Line: 128
Column: 85
tests.append({
"module": {
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
Reported by Pylint.
Line: 129
Column: 80
tests.append({
"module": {
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
})
Reported by Pylint.
Line: 129
Column: 74
tests.append({
"module": {
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
})
Reported by Pylint.
Line: 130
Column: 3
"module": {
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
})
Reported by Pylint.
Line: 131
Column: 50
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
})
if name is not None:
Reported by Pylint.
Line: 131
Column: 56
'ast': lambda: ('parse', generate_module_source_for_compilation(entry)),
'binary': lambda: ('literal', generate_binary_source(entry[start_index:])),
# FIXME: Make this work when we have a WAT parser
'quote': lambda: ('literal', entry[start_index]),
}[mode](),
"tests": []
})
if name is not None:
Reported by Pylint.
Line: 259
Column: 3
try:
x = float(x)
if math.isnan(x):
# FIXME: This is going to mess up the different kinds of nan
return '-NaN' if math.copysign(1.0, x) < 0 else 'NaN'
if math.isinf(x):
return 'Infinity' if x > 0 else '-Infinity'
return x
except ValueError:
Reported by Pylint.
Line: 268
Column: 3
try:
x = float.fromhex(x)
if math.isnan(x):
# FIXME: This is going to mess up the different kinds of nan
return '-NaN' if math.copysign(1.0, x) < 0 else 'NaN'
if math.isinf(x):
return 'Infinity' if x > 0 else '-Infinity'
return x
except ValueError:
Reported by Pylint.
Line: 1
Column: 1
#!/usr/bin/env python3
import struct
from sys import argv, stderr
from os import path
from string import whitespace
import re
import math
from tempfile import NamedTemporaryFile
from subprocess import call
Reported by Pylint.
Userland/Libraries/LibC/stdio.cpp
50 issues
Line: 57
Column: 10
CWE codes:
120
20
Suggestion:
Use fgets() instead
size_t read(u8*, size_t);
size_t write(const u8*, size_t);
bool gets(u8*, size_t);
bool ungetc(u8 byte) { return m_buffer.enqueue_front(byte); }
int seek(off_t offset, int whence);
off_t tell();
Reported by FlawFinder.
Line: 347
Column: 12
CWE codes:
120
20
Suggestion:
Use fgets() instead
return total_written;
}
bool FILE::gets(u8* data, size_t size)
{
// gets() is a lot like read(), but it is different enough in how it
// processes newlines and null-terminates the buffer that it deserves a
// separate implementation.
size_t total_read = 0;
Reported by FlawFinder.
Line: 681
Column: 23
CWE codes:
120
20
Suggestion:
Use fgets() instead
{
VERIFY(stream);
ScopedFileLock lock(stream);
bool ok = stream->gets(reinterpret_cast<u8*>(buffer), size);
return ok ? buffer : nullptr;
}
int fgetc(FILE* stream)
{
Reported by FlawFinder.
Line: 932
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
fputc(ch, __current_stream);
}
int vfprintf(FILE* stream, const char* fmt, va_list ap)
{
__current_stream = stream;
return printf_internal(stream_putch, nullptr, fmt, ap);
}
Reported by FlawFinder.
Line: 938
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
return printf_internal(stream_putch, nullptr, fmt, ap);
}
int fprintf(FILE* stream, const char* fmt, ...)
{
va_list ap;
va_start(ap, fmt);
int ret = vfprintf(stream, fmt, ap);
va_end(ap);
Reported by FlawFinder.
Line: 942
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
va_list ap;
va_start(ap, fmt);
int ret = vfprintf(stream, fmt, ap);
va_end(ap);
return ret;
}
int vprintf(const char* fmt, va_list ap)
Reported by FlawFinder.
Line: 947
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
return ret;
}
int vprintf(const char* fmt, va_list ap)
{
return printf_internal(stdout_putch, nullptr, fmt, ap);
}
int printf(const char* fmt, ...)
Reported by FlawFinder.
Line: 952
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
return printf_internal(stdout_putch, nullptr, fmt, ap);
}
int printf(const char* fmt, ...)
{
va_list ap;
va_start(ap, fmt);
int ret = vprintf(fmt, ap);
va_end(ap);
Reported by FlawFinder.
Line: 956
Column: 15
CWE codes:
134
Suggestion:
Use a constant for the format specification
{
va_list ap;
va_start(ap, fmt);
int ret = vprintf(fmt, ap);
va_end(ap);
return ret;
}
int vasprintf(char** strp, const char* fmt, va_list ap)
Reported by FlawFinder.
Line: 989
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
*bufptr++ = ch;
}
int vsprintf(char* buffer, const char* fmt, va_list ap)
{
int ret = printf_internal(buffer_putch, buffer, fmt, ap);
buffer[ret] = '\0';
return ret;
}
Reported by FlawFinder.
Tests/LibC/TestIo.cpp
40 issues
Line: 42
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(read_from_directory)
{
char buffer[BUFSIZ];
int fd = open("/", O_DIRECTORY | O_RDONLY);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EISDIR, read, fd, buffer, sizeof(buffer));
rc = close(fd);
Reported by FlawFinder.
Line: 43
Column: 14
CWE codes:
362
TEST_CASE(read_from_directory)
{
char buffer[BUFSIZ];
int fd = open("/", O_DIRECTORY | O_RDONLY);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EISDIR, read, fd, buffer, sizeof(buffer));
rc = close(fd);
VERIFY(rc == 0);
Reported by FlawFinder.
Line: 54
Column: 14
CWE codes:
362
TEST_CASE(write_to_directory)
{
char str[] = "oh frick";
int fd = open("/", O_DIRECTORY | O_RDONLY);
if (fd < 0)
perror("open");
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EBADF, write, fd, str, sizeof(str));
Reported by FlawFinder.
Line: 66
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(read_from_writeonly)
{
char buffer[BUFSIZ];
int fd = open("/tmp/xxxx123", O_CREAT | O_WRONLY);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EBADF, read, fd, buffer, sizeof(buffer));
rc = close(fd);
Reported by FlawFinder.
Line: 67
Column: 14
CWE codes:
362
TEST_CASE(read_from_writeonly)
{
char buffer[BUFSIZ];
int fd = open("/tmp/xxxx123", O_CREAT | O_WRONLY);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EBADF, read, fd, buffer, sizeof(buffer));
rc = close(fd);
VERIFY(rc == 0);
Reported by FlawFinder.
Line: 80
Column: 14
CWE codes:
362
TEST_CASE(write_to_readonly)
{
char str[] = "hello";
int fd = open("/tmp/abcd123", O_CREAT | O_RDONLY);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_3(EBADF, write, fd, str, sizeof(str));
rc = close(fd);
VERIFY(rc == 0);
Reported by FlawFinder.
Line: 92
Column: 5
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
TEST_CASE(read_past_eof)
{
char buffer[BUFSIZ];
int fd = open("/home/anon/README.md", O_RDONLY);
if (fd < 0)
perror("open");
VERIFY(fd >= 0);
int rc;
Reported by FlawFinder.
Line: 93
Column: 14
CWE codes:
362
TEST_CASE(read_past_eof)
{
char buffer[BUFSIZ];
int fd = open("/home/anon/README.md", O_RDONLY);
if (fd < 0)
perror("open");
VERIFY(fd >= 0);
int rc;
rc = lseek(fd, 99999, SEEK_SET);
Reported by FlawFinder.
Line: 112
Column: 14
CWE codes:
362
TEST_CASE(ftruncate_readonly)
{
int fd = open("/tmp/trunctest", O_RDONLY | O_CREAT, 0666);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_2(EBADF, ftruncate, fd, 0);
rc = close(fd);
VERIFY(rc == 0);
Reported by FlawFinder.
Line: 124
Column: 14
CWE codes:
362
TEST_CASE(ftruncate_negative)
{
int fd = open("/tmp/trunctest", O_RDWR | O_CREAT, 0666);
VERIFY(fd >= 0);
int rc;
EXPECT_ERROR_2(EINVAL, ftruncate, fd, -1);
rc = close(fd);
VERIFY(rc == 0);
Reported by FlawFinder.
Userland/Libraries/LibC/unistd.cpp
38 issues
Line: 41
Column: 5
CWE codes:
362
Suggestion:
Use fchown( ) instead
static int s_cached_pid = 0;
int chown(const char* pathname, uid_t uid, gid_t gid)
{
if (!pathname) {
errno = EFAULT;
return -1;
}
Reported by FlawFinder.
Line: 463
Column: 9
CWE codes:
362
20
Suggestion:
Reconsider approach
__RETURN_WITH_ERRNO(rc, rc, -1);
}
ssize_t readlink(const char* path, char* buffer, size_t size)
{
Syscall::SC_readlink_params params { { path, strlen(path) }, { buffer, size } };
int rc = syscall(SC_readlink, ¶ms);
// Return the number of bytes placed in the buffer, not the full path size.
__RETURN_WITH_ERRNO(rc, min((size_t)rc, size), -1);
Reported by FlawFinder.
Line: 78
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return fork();
}
int execv(const char* path, char* const argv[])
{
return execve(path, argv, environ);
}
int execve(const char* filename, char* const argv[], char* const envp[])
Reported by FlawFinder.
Line: 137
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return -1;
}
int execvp(const char* filename, char* const argv[])
{
int rc = execvpe(filename, argv, environ);
int saved_errno = errno;
dbgln("execvp({}, ...) about to return {} with errno={}", filename, rc, saved_errno);
errno = saved_errno;
Reported by FlawFinder.
Line: 146
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return rc;
}
int execl(const char* filename, const char* arg0, ...)
{
Vector<const char*, 16> args;
args.append(arg0);
va_list ap;
Reported by FlawFinder.
Line: 164
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return execve(filename, const_cast<char* const*>(args.data()), environ);
}
int execle(char const* filename, char const* arg0, ...)
{
Vector<char const*> args;
args.append(arg0);
va_list ap;
Reported by FlawFinder.
Line: 184
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
return execve(filename, argv, envp);
}
int execlp(const char* filename, const char* arg0, ...)
{
Vector<const char*, 16> args;
args.append(arg0);
va_list ap;
Reported by FlawFinder.
Line: 601
Column: 5
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
__RETURN_WITH_ERRNO(rc, rc, -1);
}
int access(const char* pathname, int mode)
{
if (!pathname) {
errno = EFAULT;
return -1;
}
Reported by FlawFinder.
Line: 663
Column: 7
CWE codes:
807
Suggestion:
Use getpwuid(geteuid()) and extract the desired information instead
static String getlogin_buffer;
char* getlogin()
{
if (getlogin_buffer.is_null()) {
if (auto* passwd = getpwuid(getuid())) {
getlogin_buffer = String(passwd->pw_name);
}
Reported by FlawFinder.
Line: 786
Column: 7
CWE codes:
676
120
20
Suggestion:
Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space
__RETURN_WITH_ERRNO(rc, rc, -1);
}
char* getpass(const char* prompt)
{
dbgln("FIXME: getpass('{}')", prompt);
TODO();
}
Reported by FlawFinder.
Userland/Libraries/LibC/stdio.h
37 issues
Line: 70
Column: 61
CWE codes:
134
Suggestion:
Use a constant for the format specification
size_t fread(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fread_unlocked(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE*);
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 70
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
size_t fread(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fread_unlocked(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE*);
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 71
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
size_t fread_unlocked(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE*);
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
Reported by FlawFinder.
Line: 71
Column: 69
CWE codes:
134
Suggestion:
Use a constant for the format specification
size_t fread_unlocked(void* ptr, size_t size, size_t nmemb, FILE*);
size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE*);
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
Reported by FlawFinder.
Line: 72
Column: 76
CWE codes:
134
Suggestion:
Use a constant for the format specification
size_t fwrite(const void* ptr, size_t size, size_t nmemb, FILE*);
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
Reported by FlawFinder.
Line: 73
Column: 5
CWE codes:
134
Suggestion:
Make format string constant
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
void dbgputstr(const char*, size_t);
Reported by FlawFinder.
Line: 73
Column: 76
CWE codes:
134
Suggestion:
Use a constant for the format specification
int vprintf(const char* fmt, va_list) __attribute__((format(printf, 1, 0)));
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
void dbgputstr(const char*, size_t);
Reported by FlawFinder.
Line: 74
Column: 5
CWE codes:
134
Suggestion:
Use a constant for the format specification
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
void dbgputstr(const char*, size_t);
int sprintf(char* buffer, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 74
Column: 85
CWE codes:
134
Suggestion:
Use a constant for the format specification
int vfprintf(FILE*, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
void dbgputstr(const char*, size_t);
int sprintf(char* buffer, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Line: 75
Column: 64
CWE codes:
134
Suggestion:
Use a constant for the format specification
int vasprintf(char** strp, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsprintf(char* buffer, const char* fmt, va_list) __attribute__((format(printf, 2, 0)));
int vsnprintf(char* buffer, size_t, const char* fmt, va_list) __attribute__((format(printf, 3, 0)));
int fprintf(FILE*, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int printf(const char* fmt, ...) __attribute__((format(printf, 1, 2)));
void dbgputch(char);
void dbgputstr(const char*, size_t);
int sprintf(char* buffer, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
int asprintf(char** strp, const char* fmt, ...) __attribute__((format(printf, 2, 3)));
Reported by FlawFinder.
Userland/Libraries/LibC/netdb.cpp
27 issues
Line: 287
Column: 25
CWE codes:
362
{
//If the services file is not open, attempt to open it and return null if it fails.
if (!services_file) {
services_file = fopen(services_path, "r");
if (!services_file) {
perror("error opening services file");
return nullptr;
}
Reported by FlawFinder.
Line: 401
Column: 25
CWE codes:
362
void setservent(int stay_open)
{
if (!services_file) {
services_file = fopen(services_path, "r");
if (!services_file) {
perror("error opening services file");
return;
}
Reported by FlawFinder.
Line: 480
Column: 26
CWE codes:
362
{
// If protocols file isn't open, attempt to open and return null on failure.
if (!protocols_file) {
protocols_file = fopen(protocols_path, "r");
if (!protocols_file) {
perror("error opening protocols file");
return nullptr;
}
Reported by FlawFinder.
Line: 588
Column: 26
CWE codes:
362
void setprotoent(int stay_open)
{
if (!protocols_file) {
protocols_file = fopen(protocols_path, "r");
if (!protocols_file) {
perror("setprotoent(): error opening protocols file");
return;
}
Reported by FlawFinder.
Line: 712
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
sockaddr_in* sin = new sockaddr_in;
sin->sin_family = AF_INET;
sin->sin_port = port;
memcpy(&sin->sin_addr.s_addr, host_ent->h_addr_list[host_index], host_ent->h_length);
addrinfo* info = new addrinfo;
info->ai_flags = 0;
info->ai_family = AF_INET;
info->ai_socktype = socktype;
Reported by FlawFinder.
Line: 41
Column: 60
CWE codes:
120
20
static FILE* services_file = nullptr;
static const char* services_path = "/etc/services";
static bool fill_getserv_buffers(const char* line, ssize_t read);
static servent __getserv_buffer;
static String __getserv_name_buffer;
static String __getserv_protocol_buffer;
static int __getserv_port_buffer;
static Vector<ByteBuffer> __getserv_alias_list_buffer;
Reported by FlawFinder.
Line: 55
Column: 61
CWE codes:
120
20
static FILE* protocols_file = nullptr;
static const char* protocols_path = "/etc/protocols";
static bool fill_getproto_buffers(const char* line, ssize_t read);
static protoent __getproto_buffer;
static String __getproto_name_buffer;
static Vector<ByteBuffer> __getproto_alias_list_buffer;
static Vector<char*> __getproto_alias_list;
static int __getproto_protocol_buffer;
Reported by FlawFinder.
Line: 113
Column: 26
CWE codes:
126
close(fd);
});
size_t name_length = strlen(name);
struct [[gnu::packed]] {
u32 message_size;
i32 endpoint_magic;
i32 message_id;
Reported by FlawFinder.
Line: 147
Column: 17
CWE codes:
120
20
u64 addresses_count;
} response_header;
int nrecv = read(fd, &response_header, sizeof(response_header));
if (nrecv < 0) {
perror("recv");
return nullptr;
}
VERIFY((size_t)nrecv == sizeof(response_header));
Reported by FlawFinder.
Line: 164
Column: 13
CWE codes:
120
20
VERIFY(response_header.addresses_count > 0);
i32 response_length;
nrecv = read(fd, &response_length, sizeof(response_length));
if (nrecv < 0) {
perror("recv");
return nullptr;
}
VERIFY((size_t)nrecv == sizeof(response_length));
Reported by FlawFinder.
Userland/Libraries/LibC/stdlib.cpp
23 issues
Line: 758
Column: 5
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
srand(seed);
}
int system(const char* command)
{
if (!command)
return 1;
pid_t child;
Reported by FlawFinder.
Line: 772
Column: 7
CWE codes:
377
return WEXITSTATUS(wstatus);
}
char* mktemp(char* pattern)
{
auto error = generate_unique_filename(pattern, [&] {
struct stat st;
int rc = lstat(pattern, &st);
if (rc < 0 && errno == ENOENT)
Reported by FlawFinder.
Line: 250
Column: 7
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
s_malloced_environment_variables.remove(var);
}
char* getenv(const char* name)
{
size_t vl = strlen(name);
for (size_t i = 0; environ[i]; ++i) {
const char* decl = environ[i];
char* eq = strchr(decl, '=');
Reported by FlawFinder.
Line: 272
Column: 12
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
{
if (getauxval(AT_SECURE))
return nullptr;
return getenv(name);
}
int unsetenv(const char* name)
{
auto new_var_len = strlen(name);
Reported by FlawFinder.
Line: 317
Column: 23
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
int setenv(const char* name, const char* value, int overwrite)
{
if (!overwrite && getenv(name))
return 0;
auto length = strlen(name) + strlen(value) + 2;
auto* var = (char*)malloc(length);
snprintf(var, length, "%s=%s", name, value);
s_malloced_environment_variables.set(var);
Reported by FlawFinder.
Line: 733
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return ((unsigned)(s_next_rand / ((RAND_MAX + 1) * 2)) % (RAND_MAX + 1));
}
void srand(unsigned seed)
{
s_next_rand = seed;
}
int abs(int i)
Reported by FlawFinder.
Line: 748
Column: 10
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return i < 0 ? -i : i;
}
long int random()
{
return rand();
}
void srandom(unsigned seed)
Reported by FlawFinder.
Line: 753
Column: 6
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
return rand();
}
void srandom(unsigned seed)
{
srand(seed);
}
int system(const char* command)
Reported by FlawFinder.
Line: 755
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
void srandom(unsigned seed)
{
srand(seed);
}
int system(const char* command)
{
if (!command)
Reported by FlawFinder.
Line: 1134
Column: 7
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
return AK::get_random_uniform(max_bounds);
}
char* realpath(const char* pathname, char* buffer)
{
if (!pathname) {
errno = EFAULT;
return nullptr;
}
Reported by FlawFinder.
Userland/Libraries/LibCore/File.cpp
21 issues
Line: 276
Column: 9
CWE codes:
362
20
Suggestion:
Reconsider approach
return {};
char* buffer_ptr;
auto buffer = StringImpl::create_uninitialized(statbuf.st_size, buffer_ptr);
if (readlink(link_path.characters(), buffer_ptr, statbuf.st_size) < 0)
return {};
// (See above.)
if (rc == statbuf.st_size)
return { *buffer };
return { buffer_ptr, (size_t)rc };
Reported by FlawFinder.
Line: 475
Column: 9
CWE codes:
362
Suggestion:
Use fchmod( ) instead
auto my_umask = umask(0);
umask(my_umask);
if (chmod(dst_path.characters(), src_stat.st_mode & ~my_umask) < 0)
return CopyError { OSError(errno), false };
if (preserve_mode == PreserveMode::PermissionsOwnershipTimestamps) {
if (chown(dst_path.characters(), src_stat.st_uid, src_stat.st_gid) < 0)
return CopyError { OSError(errno), false };
Reported by FlawFinder.
Line: 479
Column: 13
CWE codes:
362
Suggestion:
Use fchown( ) instead
return CopyError { OSError(errno), false };
if (preserve_mode == PreserveMode::PermissionsOwnershipTimestamps) {
if (chown(dst_path.characters(), src_stat.st_uid, src_stat.st_gid) < 0)
return CopyError { OSError(errno), false };
// FIXME: Implement utimens() and use it here.
struct utimbuf timbuf;
timbuf.actime = src_stat.st_atime;
Reported by FlawFinder.
Line: 346
Column: 16
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
if (add_duplicate_file_marker == AddDuplicateFileMarker::Yes) {
int duplicate_count = 0;
while (access(get_duplicate_name(dst_path, duplicate_count).characters(), F_OK) == 0) {
++duplicate_count;
}
if (duplicate_count != 0) {
return copy_file_or_directory(get_duplicate_name(dst_path, duplicate_count), src_path, RecursionMode::Allowed, LinkMode::Disallowed, AddDuplicateFileMarker::Yes, preserve_mode);
}
Reported by FlawFinder.
Line: 496
Column: 12
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
Result<void, OSError> File::link_file(String const& dst_path, String const& src_path)
{
int duplicate_count = 0;
while (access(get_duplicate_name(dst_path, duplicate_count).characters(), F_OK) == 0) {
++duplicate_count;
}
if (duplicate_count != 0) {
return link_file(src_path, get_duplicate_name(dst_path, duplicate_count));
}
Reported by FlawFinder.
Line: 160
Column: 18
CWE codes:
120/785!
Suggestion:
Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN
{
if (filename.is_null())
return {};
auto* path = realpath(filename.characters(), nullptr);
String real_path(path);
free(path);
return real_path;
}
Reported by FlawFinder.
Line: 30
Column: 44
CWE codes:
362
namespace Core {
Result<NonnullRefPtr<File>, OSError> File::open(String filename, OpenMode mode, mode_t permissions)
{
auto file = File::construct(move(filename));
if (!file->open_impl(mode, permissions))
return OSError(file->error());
return file;
Reported by FlawFinder.
Line: 50
Column: 12
CWE codes:
362
close();
}
bool File::open(int fd, OpenMode mode, ShouldCloseFileDescriptor should_close)
{
set_fd(fd);
set_mode(mode);
m_should_close_file_descriptor = should_close;
return true;
Reported by FlawFinder.
Line: 58
Column: 12
CWE codes:
362
return true;
}
bool File::open(OpenMode mode)
{
return open_impl(mode, 0666);
}
bool File::open_impl(OpenMode mode, mode_t permissions)
Reported by FlawFinder.
Line: 85
Column: 16
CWE codes:
362
flags |= O_EXCL;
if (!has_flag(mode, OpenMode::KeepOnExec))
flags |= O_CLOEXEC;
int fd = ::open(m_filename.characters(), flags, permissions);
if (fd < 0) {
set_error(errno);
return false;
}
Reported by FlawFinder.
Userland/Shell/Shell.cpp
21 issues
Line: 1086
return; // We cannot wait for a suspended job.
ScopeGuard io_restorer { [&]() {
if (job->exited() && !job->is_running_in_background()) {
restore_ios();
}
} };
bool job_exited { false };
Reported by Cppcheck.
Line: 521
Column: 29
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
{
auto parts = name.split_view('/');
auto path = name.to_string();
if (parts.size() > 1 && access(path.characters(), X_OK) == 0)
return true;
return binary_search(
cached_path.span(),
path,
Reported by FlawFinder.
Line: 873
Column: 14
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
void Shell::execute_process(Vector<const char*>&& argv)
{
int rc = execvp(argv[0], const_cast<char* const*>(argv.data()));
if (rc < 0) {
auto parts = StringView { argv[0] }.split_view('/');
if (parts.size() == 1) {
// If this is a path in the current directory and it caused execvp() to fail,
// simply don't attempt to execute it, see #6774.
Reported by FlawFinder.
Line: 906
Column: 26
CWE codes:
78
Suggestion:
try using a library call that implements the same functionality if available
GenericLexer shebang_lexer { line.substring_view(2) };
auto shebang = shebang_lexer.consume_until(is_any_of("\n\r")).to_string();
argv.prepend(shebang.characters());
int rc = execvp(argv[0], const_cast<char* const*>(argv.data()));
if (rc < 0) {
warnln("{}: Invalid interpreter \"{}\": {}", argv[0], shebang.characters(), strerror(errno));
_exit(126);
}
} while (false);
Reported by FlawFinder.
Line: 1292
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
while (programs.has_next()) {
auto program = programs.next_path();
auto program_path = String::formatted("{}/{}", directory, program);
if (access(program_path.characters(), X_OK) != 0)
continue;
if (program == program_name)
return program_path;
}
}
Reported by FlawFinder.
Line: 1342
Column: 21
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
auto escaped_name = escape_token(program);
if (cached_path.contains_slow(escaped_name))
continue;
if (access(program_path.characters(), X_OK) == 0)
cached_path.append(escaped_name);
}
}
}
Reported by FlawFinder.
Line: 1465
Column: 74
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
struct stat program_status;
auto file_path = String::formatted("{}/{}", path, file);
int stat_error = stat(file_path.characters(), &program_status);
if (!stat_error && (executable_only == ExecutableOnly::No || access(file_path.characters(), X_OK) == 0)) {
if (S_ISDIR(program_status.st_mode)) {
suggestions.append({ escape_token(file), "/" });
} else {
if (!allow_direct_children && !file.contains("/"))
continue;
Reported by FlawFinder.
Line: 79
Column: 21
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
String Shell::prompt() const
{
auto build_prompt = [&]() -> String {
auto* ps1 = getenv("PROMPT");
if (!ps1) {
if (uid == 0)
return "# ";
StringBuilder builder;
Reported by FlawFinder.
Line: 113
Column: 40
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
builder.append(hostname);
break;
case 'w': {
String home_path = getenv("HOME");
if (cwd.starts_with(home_path)) {
builder.append('~');
builder.append(cwd.substring_view(home_path.length(), cwd.length() - home_path.length()));
} else {
builder.append(cwd);
Reported by FlawFinder.
Line: 155
Column: 28
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
path.append(expression[i]);
if (login_name.is_empty()) {
const char* home = getenv("HOME");
if (!home) {
auto passwd = getpwuid(getuid());
VERIFY(passwd && passwd->pw_dir);
return String::formatted("{}/{}", passwd->pw_dir, path.to_string());
}
Reported by FlawFinder.