The following issues were found
Kernel/FileSystem/FileDescription.h
4 issues
Line: 58
Column: 13
CWE codes:
362
Suggestion:
Use fchmod( ) instead
KResultOr<size_t> read(UserOrKernelBuffer&, u64 offset, size_t);
KResultOr<size_t> write(u64 offset, UserOrKernelBuffer const&, size_t);
// Declared with only a mode_t; no path is passed in.
// NOTE(review): FlawFinder's CWE-362 "use fchmod()" rule is written for the
// path-based libc call, where the file can be swapped between lookup and
// change. This declaration lives in Kernel/FileSystem/FileDescription.h and
// names no path, so the finding looks like an identifier match rather than a
// racy call; confirm against the definition.
KResult chmod(mode_t);
bool can_read() const;
bool can_write() const;
KResultOr<size_t> get_dir_entries(UserOrKernelBuffer& buffer, size_t);
Reported by FlawFinder.
Line: 126
Column: 13
CWE codes:
362
Suggestion:
Use fchown( ) instead
off_t offset() const { return m_current_offset; }
KResult chown(uid_t, gid_t);
FileBlockCondition& block_condition();
KResult apply_flock(Process const&, Userspace<flock const*>);
KResult get_flock(Userspace<flock*>) const;
Reported by FlawFinder.
Line: 50
Column: 23
CWE codes:
120
20
KResult close();
KResultOr<off_t> seek(off_t, int whence);
KResultOr<size_t> read(UserOrKernelBuffer&, size_t);
KResultOr<size_t> write(const UserOrKernelBuffer& data, size_t);
KResult stat(::stat&);
// NOTE: These ignore the current offset of this file description.
KResultOr<size_t> read(UserOrKernelBuffer&, u64 offset, size_t);
Reported by FlawFinder.
Line: 55
Column: 23
CWE codes:
120
20
KResult stat(::stat&);
// NOTE: These ignore the current offset of this file description.
KResultOr<size_t> read(UserOrKernelBuffer&, u64 offset, size_t);
KResultOr<size_t> write(u64 offset, UserOrKernelBuffer const&, size_t);
KResult chmod(mode_t);
bool can_read() const;
Reported by FlawFinder.
Userland/DevTools/IPCCompiler/main.cpp
4 issues
Line: 88
Column: 16
CWE codes:
362
}
auto file = Core::File::construct(argv[1]);
if (!file->open(Core::OpenMode::ReadOnly)) {
warnln("Error: Cannot open {}: {}", argv[1], file->error_string());
return 1;
}
auto file_contents = file->read_all();
Reported by FlawFinder.
Line: 667
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message endpoint magic");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Line: 691
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read message ID");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Line: 737
Column: 34
CWE codes:
120
20
)~~~");
if constexpr (GENERATE_DEBUG) {
endpoint_generator.append(R"~~~(
dbgln("Failed to read the message");
)~~~");
}
endpoint_generator.append(R"~~~(
return {};
}
Reported by FlawFinder.
Kernel/FileSystem/File.h
4 issues
Line: 98
Column: 21
CWE codes:
362
Suggestion:
Use fchown( ) instead
virtual String absolute_path(const FileDescription&) const = 0;
virtual KResult truncate(u64) { return EINVAL; }
// Default implementation of this virtual: ignores its arguments and returns EBADF.
// NOTE(review): FlawFinder's CWE-362 "use fchown()" rule targets the
// path-based libc call. This method takes a FileDescription& rather than a
// path, so the finding looks like an identifier match; overrides are not
// visible here and need their own review.
virtual KResult chown(FileDescription&, uid_t, gid_t) { return EBADF; }
// Default implementation of this virtual: ignores its arguments and returns EBADF.
// NOTE(review): FlawFinder's CWE-362 "use fchmod()" rule targets the
// path-based libc call. This method takes a FileDescription& rather than a
// path, so the finding looks like an identifier match; overrides are not
// visible here and need their own review.
virtual KResult chmod(FileDescription&, mode_t) { return EBADF; }
virtual StringView class_name() const = 0;
virtual bool is_seekable() const { return false; }
Reported by FlawFinder.
Line: 99
Column: 21
CWE codes:
362
Suggestion:
Use fchmod( ) instead
virtual KResult truncate(u64) { return EINVAL; }
virtual KResult chown(FileDescription&, uid_t, gid_t) { return EBADF; }
virtual KResult chmod(FileDescription&, mode_t) { return EBADF; }
virtual StringView class_name() const = 0;
virtual bool is_seekable() const { return false; }
Reported by FlawFinder.
Line: 80
Column: 55
CWE codes:
362
virtual bool unref() const;
virtual ~File();
virtual KResultOr<NonnullRefPtr<FileDescription>> open(int options);
virtual KResult close();
virtual bool can_read(const FileDescription&, size_t) const = 0;
virtual bool can_write(const FileDescription&, size_t) const = 0;
Reported by FlawFinder.
Line: 89
Column: 31
CWE codes:
120
20
virtual KResult attach(FileDescription&);
virtual void detach(FileDescription&);
virtual void did_seek(FileDescription&, off_t) { }
virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) = 0;
virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) = 0;
virtual KResult ioctl(FileDescription&, unsigned request, Userspace<void*> arg);
virtual KResultOr<Memory::Region*> mmap(Process&, FileDescription&, Memory::VirtualRange const&, u64 offset, int prot, bool shared);
virtual KResult stat(::stat&) const { return EBADF; }
Reported by FlawFinder.
AK/FileStream.h
4 issues
Line: 72
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
if (errno != ESPIPE)
return false;
char buf[4];
size_t i = 0;
while (i < count) {
auto size = min(count - i, 4ul);
if (read({ buf, size }) < size) {
// Can't reset here.
Reported by FlawFinder.
Line: 45
Column: 12
CWE codes:
120
20
bool unreliable_eof() const override { return eof(); }
bool eof() const { return feof(m_file); }
// Reads from m_file into the caller-supplied `bytes` and returns the item
// count reported by fread(). Returns 0 without touching the file when
// has_any_error() is true.
// The destination pointer and the requested count both come from the same
// `bytes` argument, so the copy is bounded by whatever size that object
// reports.
// NOTE(review): FlawFinder's CWE-120/CWE-20 finding here appears to key on
// the name `read`. The visible body is only as safe as the `bytes` value the
// caller passes in; confirm that callers always hand over a span that
// matches a real buffer.
size_t read(Bytes bytes) override
{
    if (!has_any_error())
        return fread(bytes.data(), sizeof(u8), bytes.size(), m_file);
    return 0;
}
Reported by FlawFinder.
Userland/Libraries/LibSQL/Value.cpp
4 issues
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Deserializer for the string variant: copies an int length prefix out of
// `buffer` at at_offset, builds a String from the bytes that follow, then
// advances at_offset by a fixed 64 bytes.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
int len;
// NOTE(review): at_offset is narrowed from size_t to int for the lookup, and
// nothing visible here checks that sizeof(int) bytes remain in `buffer`
// before the copy. The memcpy destination (&len) is sized correctly; the
// unverified side is the source.
memcpy(&len, buffer.offset_pointer((int)at_offset), sizeof(int));
at_offset += sizeof(int);
// NOTE(review): `len` is read but not used below. The String is built from a
// bare char pointer, so its extent presumably depends on a NUL terminator
// being present in the buffer rather than on the stored length. With a
// truncated or corrupted buffer this could read past the intended field.
// The serializer shown for this type caps the length at 63; consider
// bounding the construction by that cap and by the bytes remaining in
// `buffer`.
m_impl = String((const char*)buffer.offset_pointer((int)at_offset));
// Skips a fixed-width 64-byte field regardless of `len`.
at_offset += 64;
};
Reported by FlawFinder.
Line: 214
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
m_serialize = [&](ByteBuffer& buffer) {
char zeroes[64];
int len = min((int)m_impl.get<String>().length(), 63);
buffer.append(&len, sizeof(int));
buffer.append(m_impl.get<String>().characters(), len);
memset(zeroes, 0, 64);
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m_size = []() { return sizeof(int); };
// Deserializer for the int variant: copies sizeof(int) bytes from `buffer`
// at at_offset into the int held by m_impl, then advances at_offset by the
// same amount.
// NOTE(review): the copy length is a compile-time sizeof(int) and the
// destination is int storage, so the destination side of FlawFinder's
// CWE-120 memcpy finding is sized correctly as written (assuming
// get_pointer<int>() is non-null here; confirm). What is not visible is any
// check that sizeof(int) bytes remain in `buffer` at at_offset, and
// at_offset is narrowed from size_t to int for the lookup.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
memcpy(m_impl.get_pointer<int>(), buffer.offset_pointer((int)at_offset), sizeof(int));
at_offset += sizeof(int);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<int>(), sizeof(int));
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m_size = []() { return sizeof(double); };
// Deserializer for the double variant: copies sizeof(double) bytes from
// `buffer` at at_offset into the double held by m_impl, then advances
// at_offset by the same amount.
// NOTE(review): the copy length is a compile-time sizeof(double) and the
// destination is double storage, so the destination side of FlawFinder's
// CWE-120 memcpy finding is sized correctly as written (assuming
// get_pointer<double>() is non-null here; confirm). What is not visible is
// any check that sizeof(double) bytes remain in `buffer` at at_offset, and
// at_offset is narrowed from size_t to int for the lookup.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
memcpy(m_impl.get_pointer<double>(), buffer.offset_pointer((int)at_offset), sizeof(double));
at_offset += sizeof(double);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<double>(), sizeof(double));
Reported by FlawFinder.
Userland/Libraries/LibJS/Runtime/MathObject.cpp
4 issues
Line: 82
}
// 21.3.2.1 Math.abs ( x ), https://tc39.es/ecma262/#sec-math.abs
JS_DEFINE_NATIVE_FUNCTION(MathObject::abs)
{
auto number = vm.argument(0).to_number(global_object);
if (vm.exception())
return {};
if (number.is_nan())
Reported by Cppcheck.
Line: 28
Column: 45
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
// Calls the base initialize, then registers native functions on this object.
// Every registration below passes the same Writable | Configurable attributes.
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
// NOTE(review): FlawFinder reports CWE-327 on the next line. Here `random` is
// the identifier of the native function being registered under
// vm.names.random, not a call to a libc random routine. The generator itself
// is selected inside MathObject::random and should be reviewed there.
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 28
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 97
Column: 39
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// 21.3.2.27 Math.random ( ), https://tc39.es/ecma262/#sec-math.random
JS_DEFINE_NATIVE_FUNCTION(MathObject::random)
{
#ifdef __serenity__
double r = (double)get_random<u32>() / (double)UINT32_MAX;
#else
double r = (double)rand() / (double)RAND_MAX;
Reported by FlawFinder.
Userland/Libraries/LibDesktop/Launcher.cpp
4 issues
Line: 40
class LaunchServerConnection final
: public IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>
, public LaunchClientEndpoint {
C_OBJECT(LaunchServerConnection)
private:
// Private constructor: forwards *this and the literal "/tmp/portal/launch"
// to the IPC::ServerConnection base.
// NOTE(review): the string is presumably the path of the launch server's
// socket. It lives under /tmp, so whether a client can trust the peer it
// reaches depends on who is allowed to create that path; confirm the
// ownership and permissions of /tmp/portal.
LaunchServerConnection()
: IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>(*this, "/tmp/portal/launch")
{
}
Reported by Cppcheck.
Line: 94
Column: 16
CWE codes:
362
return true;
}
// Forwards `url` and `handler_name` to connection().open_url() and returns
// its result.
// NOTE(review): FlawFinder's CWE-362 finding here appears to key on the name
// `open`. The visible body makes no filesystem open call; it only hands the
// URL to the connection.
bool Launcher::open(const URL& url, const String& handler_name)
{
    auto&& launch_connection = connection();
    return launch_connection.open_url(url, handler_name);
}
bool Launcher::open(const URL& url, const Details& details)
Reported by FlawFinder.
Line: 99
Column: 16
CWE codes:
362
return connection().open_url(url, handler_name);
}
// Opens `url` with the handler named by details.executable, delegating to
// the (url, handler name) overload.
// The VERIFY below is the only guard visible here that keeps
// Application-type launcher details out of this path.
// NOTE(review): FlawFinder's CWE-362 finding appears to key on the name
// `open`; no filesystem open call is made in this body.
bool Launcher::open(const URL& url, const Details& details)
{
    // Launcher should not be used to execute arbitrary applications
    VERIFY(details.launcher_type != LauncherType::Application);
    auto const& handler = details.executable;
    return open(url, handler);
}
Reported by FlawFinder.
Line: 102
Column: 12
CWE codes:
362
bool Launcher::open(const URL& url, const Details& details)
{
VERIFY(details.launcher_type != LauncherType::Application); // Launcher should not be used to execute arbitrary applications
return open(url, details.executable);
}
Vector<String> Launcher::get_handlers_for_url(const URL& url)
{
return connection().get_handlers_for_url(url.to_string());
Reported by FlawFinder.
Userland/Applications/SpaceAnalyzer/main.cpp
4 issues
Line: 233
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Reports whether access(2) grants W_OK on `absolute_path`.
// Returns true only when access() succeeds; any failure other than EACCES is
// additionally reported through perror().
// NOTE(review): this is a check-then-use pattern (CWE-367). The answer can be
// stale by the time the path is acted on, so it should be treated as a hint
// only; the later removal must still handle failure itself.
// NOTE(review): W_OK is tested on the path itself. On POSIX systems, removing
// an entry is normally governed by write permission on the containing
// directory; confirm this check matches what the caller means by "removable".
static bool is_removable(const String& absolute_path)
{
    VERIFY(!absolute_path.is_empty());
    bool const writable = access(absolute_path.characters(), W_OK) == 0;
    if (!writable && errno != EACCES)
        perror("access");
    return writable;
}
Reported by FlawFinder.
Line: 77
Column: 16
CWE codes:
362
{
// Output info about currently mounted filesystems.
auto file = Core::File::construct("/proc/df");
if (!file->open(Core::OpenMode::ReadOnly)) {
warnln("Failed to open {}: {}", file->name(), file->error_string());
return;
}
auto content = file->read_all();
Reported by FlawFinder.
Line: 286
Column: 28
CWE codes:
362
// Configure the nodes context menu.
auto open_folder_action = GUI::Action::create("Open Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
Desktop::Launcher::open(URL::create_with_file_protocol(get_absolute_path_to_selected_node(treemapwidget)));
});
auto open_containing_folder_action = GUI::Action::create("Open Containing Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
LexicalPath path { get_absolute_path_to_selected_node(treemapwidget) };
Desktop::Launcher::open(URL::create_with_file_protocol(path.dirname(), path.basename()));
});
Reported by FlawFinder.
Line: 290
Column: 28
CWE codes:
362
});
auto open_containing_folder_action = GUI::Action::create("Open Containing Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
LexicalPath path { get_absolute_path_to_selected_node(treemapwidget) };
Desktop::Launcher::open(URL::create_with_file_protocol(path.dirname(), path.basename()));
});
auto copy_path_action = GUI::Action::create("Copy Path to Clipboard", { Mod_Ctrl, Key_C }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/edit-copy.png"), [&](auto&) {
GUI::Clipboard::the().set_plain_text(get_absolute_path_to_selected_node(treemapwidget));
});
auto delete_action = GUI::CommonActions::make_delete_action([&](auto&) {
Reported by FlawFinder.
Kernel/FileSystem/DevFS.cpp
4 issues
Line: 125
Column: 21
CWE codes:
362
Suggestion:
Use fchmod( ) instead
return EROFS;
}
// Mode changes are refused on this inode type: the mode argument is unused
// and EPERM is always returned.
// NOTE(review): FlawFinder's CWE-362 "use fchmod()" rule targets the
// path-based libc call. This body takes no path and calls nothing, so the
// finding does not describe a race in this method.
KResult DevFSInode::chmod(mode_t)
{
return EPERM;
}
KResult DevFSInode::chown(uid_t, gid_t)
Reported by FlawFinder.
Line: 130
Column: 21
CWE codes:
362
Suggestion:
Use fchown( ) instead
return EPERM;
}
// Ownership changes are refused on this inode type: both arguments are
// unused and EPERM is always returned.
// NOTE(review): FlawFinder's CWE-362 "use fchown()" rule targets the
// path-based libc call. This body takes no path and calls nothing, so the
// finding does not describe a race in this method.
KResult DevFSInode::chown(uid_t, gid_t)
{
return EPERM;
}
KResult DevFSInode::truncate(u64)
Reported by FlawFinder.
Line: 328
Column: 27
CWE codes:
362
Suggestion:
Use fchown( ) instead
{
}
KResult DevFSDeviceInode::chown(uid_t uid, gid_t gid)
{
MutexLocker locker(m_inode_lock);
m_uid = uid;
m_gid = gid;
return KSuccess;
Reported by FlawFinder.
Line: 347
Column: 58
CWE codes:
120
20
VERIFY(!!description);
if (!m_attached_device->can_read(*description, offset))
return 0;
auto nread = const_cast<Device&>(*m_attached_device).read(*description, offset, buffer, count);
if (nread.is_error())
return EIO;
return nread.value();
}
Reported by FlawFinder.
Kernel/FileSystem/BlockBasedFileSystem.cpp
4 issues
Line: 163
Column: 19
CWE codes:
120
20
if (result.is_error())
return result;
}
if (!data.read(entry.data + offset, count))
return EFAULT;
cache->mark_dirty(entry);
entry.has_data = true;
return KSuccess;
Reported by FlawFinder.
Line: 175
Column: 37
CWE codes:
120
20
// Reads one logical block into `buffer` through file_description(), starting
// at byte offset index * m_logical_block_size.
// The requested length is always m_logical_block_size; the visible code does
// not check that `buffer` can hold that many bytes.
// NOTE(review): a read error and a short read are both asserted with VERIFY
// rather than reported, so the only value this function ever returns is true.
// Presumably a failed device read stops here; confirm that is intended.
// NOTE(review): the offset multiplication is not checked for overflow in the
// visible code. Whether it can wrap depends on the operand types; confirm.
bool BlockBasedFileSystem::raw_read(BlockIndex index, UserOrKernelBuffer& buffer)
{
    auto byte_offset = index.value() * m_logical_block_size;
    auto read_result = file_description().read(buffer, byte_offset, m_logical_block_size);
    VERIFY(!read_result.is_error());
    VERIFY(read_result.value() == m_logical_block_size);
    return true;
}
Reported by FlawFinder.
Line: 234
Column: 45
CWE codes:
120
20
if (!allow_cache) {
const_cast<BlockBasedFileSystem*>(this)->flush_specific_block_if_needed(index);
auto base_offset = index.value() * block_size() + offset;
auto nread = file_description().read(*buffer, base_offset, count);
if (nread.is_error())
return nread.error();
VERIFY(nread.value() == count);
return KSuccess;
}
Reported by FlawFinder.
Line: 245
Column: 45
CWE codes:
120
20
if (!entry.has_data) {
auto base_offset = index.value() * block_size();
auto entry_data_buffer = UserOrKernelBuffer::for_kernel_buffer(entry.data);
auto nread = file_description().read(entry_data_buffer, base_offset, block_size());
if (nread.is_error())
return nread.error();
VERIFY(nread.value() == block_size());
entry.has_data = true;
}
Reported by FlawFinder.