The following issues were found
Userland/Applications/SpaceAnalyzer/main.cpp
4 issues
Line: 233
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
// Reports whether access(2) grants the calling process write permission on `absolute_path`.
// The answer is only a snapshot: permissions, or the object the path names, can change before any
// later operation on it (the check-then-use pattern behind CWE-362/367), so whatever acts on the
// path afterwards still has to handle failure itself.
// NOTE(review): on POSIX-style filesystems, unlinking is governed by the parent directory's
// permissions rather than the file's own write bit; confirm W_OK on the path is the intended test.
static bool is_removable(const String& absolute_path)
{
    VERIFY(!absolute_path.is_empty());

    bool const writable = access(absolute_path.characters(), W_OK) == 0;
    // EACCES is the ordinary "permission denied" answer; any other errno is reported on stderr.
    if (!writable && errno != EACCES)
        perror("access");
    return writable;
}
Reported by FlawFinder.
Line: 77
Column: 16
CWE codes:
362
{
// Output info about currently mounted filesystems.
auto file = Core::File::construct("/proc/df");
if (!file->open(Core::OpenMode::ReadOnly)) {
warnln("Failed to open {}: {}", file->name(), file->error_string());
return;
}
auto content = file->read_all();
Reported by FlawFinder.
Line: 286
Column: 28
CWE codes:
362
// Configure the nodes context menu.
auto open_folder_action = GUI::Action::create("Open Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
Desktop::Launcher::open(URL::create_with_file_protocol(get_absolute_path_to_selected_node(treemapwidget)));
});
auto open_containing_folder_action = GUI::Action::create("Open Containing Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
LexicalPath path { get_absolute_path_to_selected_node(treemapwidget) };
Desktop::Launcher::open(URL::create_with_file_protocol(path.dirname(), path.basename()));
});
Reported by FlawFinder.
Line: 290
Column: 28
CWE codes:
362
});
auto open_containing_folder_action = GUI::Action::create("Open Containing Folder", { Mod_Ctrl, Key_O }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/open.png"), [&](auto&) {
LexicalPath path { get_absolute_path_to_selected_node(treemapwidget) };
Desktop::Launcher::open(URL::create_with_file_protocol(path.dirname(), path.basename()));
});
auto copy_path_action = GUI::Action::create("Copy Path to Clipboard", { Mod_Ctrl, Key_C }, Gfx::Bitmap::try_load_from_file("/res/icons/16x16/edit-copy.png"), [&](auto&) {
GUI::Clipboard::the().set_plain_text(get_absolute_path_to_selected_node(treemapwidget));
});
auto delete_action = GUI::CommonActions::make_delete_action([&](auto&) {
Reported by FlawFinder.
Userland/Libraries/LibJS/Runtime/MathObject.cpp
4 issues
Line: 82
}
// 21.3.2.1 Math.abs ( x ), https://tc39.es/ecma262/#sec-math.abs
JS_DEFINE_NATIVE_FUNCTION(MathObject::abs)
{
auto number = vm.argument(0).to_number(global_object);
if (vm.exception())
return {};
if (number.is_nan())
Reported by Cppcheck.
Line: 28
Column: 45
CWE codes:
327
Suggestion:
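Use a more secure technique for acquiring random values (Triage note: the snippet lines matched here register the `random` native function by name; they do not call a C library generator. The generator itself is in the Math.random implementation, whose output should not be relied on for secrets.)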
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 28
Column: 37
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
Object::initialize(global_object);
u8 attr = Attribute::Writable | Attribute::Configurable;
define_native_function(vm.names.abs, abs, 1, attr);
define_native_function(vm.names.random, random, 0, attr);
define_native_function(vm.names.sqrt, sqrt, 1, attr);
define_native_function(vm.names.floor, floor, 1, attr);
define_native_function(vm.names.ceil, ceil, 1, attr);
define_native_function(vm.names.round, round, 1, attr);
define_native_function(vm.names.max, max, 2, attr);
Reported by FlawFinder.
Line: 97
Column: 39
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
}
// 21.3.2.27 Math.random ( ), https://tc39.es/ecma262/#sec-math.random
JS_DEFINE_NATIVE_FUNCTION(MathObject::random)
{
#ifdef __serenity__
double r = (double)get_random<u32>() / (double)UINT32_MAX;
#else
double r = (double)rand() / (double)RAND_MAX;
Reported by FlawFinder.
Userland/Libraries/LibDesktop/AppFile.cpp
4 issues
Line: 20
Column: 12
CWE codes:
362
// Returns the AppFile for `app_name`, located at "<APP_FILES_DIRECTORY>/<app_name>.af".
// NOTE(review): app_name is formatted into the path as-is; nothing on these lines rejects '/' or
// ".." components, so callers are presumably expected to pass trusted application names; confirm.
NonnullRefPtr<AppFile> AppFile::get_for_app(const StringView& app_name)
{
    String const af_path = String::formatted("{}/{}.af", APP_FILES_DIRECTORY, app_name);
    return open(af_path);
}
NonnullRefPtr<AppFile> AppFile::open(const StringView& path)
{
return adopt_ref(*new AppFile(path));
Reported by FlawFinder.
Line: 23
Column: 33
CWE codes:
362
return open(path);
}
// Allocates an AppFile for `path` and hands ownership to a reference-counted pointer.
// This member is not the open(2) system call: no file descriptor is opened on these lines, so a
// scanner match on the name `open` here is a name collision.
NonnullRefPtr<AppFile> AppFile::open(const StringView& path)
{
    auto* app_file = new AppFile(path);
    return adopt_ref(*app_file);
}
void AppFile::for_each(Function<void(NonnullRefPtr<AppFile>)> callback, const StringView& directory)
Reported by FlawFinder.
Line: 38
Column: 28
CWE codes:
362
if (!name.ends_with(".af"))
continue;
auto path = String::formatted("{}/{}", directory, name);
auto af = AppFile::open(path);
if (!af->is_valid())
continue;
callback(af);
}
}
Reported by FlawFinder.
Line: 46
Column: 34
CWE codes:
362
}
// Builds an AppFile from the configuration file at `path`, then records the result of validate().
AppFile::AppFile(const StringView& path)
    // The path goes straight to Core::ConfigFile::open(); no check of the path precedes it here.
    : m_config(Core::ConfigFile::open(path))
    // NOTE(review): if validate() reads m_config, this relies on m_config being declared before
    // m_valid in the class, because members are initialised in declaration order; confirm.
    , m_valid(validate())
{
}
AppFile::~AppFile()
Reported by FlawFinder.
Userland/Libraries/LibDesktop/Launcher.cpp
4 issues
Line: 40
class LaunchServerConnection final
: public IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>
, public LaunchClientEndpoint {
C_OBJECT(LaunchServerConnection)
private:
// Private constructor: forwards this object and the "/tmp/portal/launch" string to the IPC base class.
// NOTE(review): presumably that string is the launch service's socket path; confirm.
// NOTE(review): *this is handed to the base before this object's own construction has finished,
// so the base constructor should only keep the reference, not call through it; confirm.
LaunchServerConnection()
    : IPC::ServerConnection<LaunchClientEndpoint, LaunchServerEndpoint>(*this, "/tmp/portal/launch")
{
}
Reported by Cppcheck.
Line: 94
Column: 16
CWE codes:
362
return true;
}
// Forwards `url` and `handler_name` to the launch server connection and returns its answer.
// Not open(2): no file is opened by this process on these lines; the request is passed to
// whatever connection() returns.
bool Launcher::open(const URL& url, const String& handler_name)
{
    auto&& launch_server = connection();
    return launch_server.open_url(url, handler_name);
}
bool Launcher::open(const URL& url, const Details& details)
Reported by FlawFinder.
Line: 99
Column: 16
CWE codes:
362
return connection().open_url(url, handler_name);
}
// Opens `url` with the handler named by `details.executable`.
// Application-type launchers are refused by the VERIFY below, so this entry point cannot be used
// to execute arbitrary applications.
bool Launcher::open(const URL& url, const Details& details)
{
    VERIFY(details.launcher_type != LauncherType::Application); // Launcher should not be used to execute arbitrary applications
    auto const& handler_executable = details.executable;
    return open(url, handler_executable);
}
Reported by FlawFinder.
Line: 102
Column: 12
CWE codes:
362
// Opens `url` with the handler named by `details.executable`.
// Application-type launchers are refused by the VERIFY below, so this entry point cannot be used
// to execute arbitrary applications.
bool Launcher::open(const URL& url, const Details& details)
{
    VERIFY(details.launcher_type != LauncherType::Application); // Launcher should not be used to execute arbitrary applications
    auto const& handler_executable = details.executable;
    return open(url, handler_executable);
}
Vector<String> Launcher::get_handlers_for_url(const URL& url)
{
return connection().get_handlers_for_url(url.to_string());
Reported by FlawFinder.
Kernel/Syscalls/mmap.cpp
4 issues
Line: 322
Column: 27
CWE codes:
362/367!
Suggestion:
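Set up the correct permissions (e.g., using setuid()) and try to open the file directly (Triage note: the only `access` token in this snippet is the member call `whole_region->access()`, which is compared against region access flags; no access(2) filesystem check appears here. This match, and the three similar mmap.cpp matches below, therefore look like name collisions rather than check-then-use races.)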
return EPERM;
if (!validate_mmap_prot(prot, whole_region->is_stack(), whole_region->vmobject().is_anonymous(), whole_region))
return EINVAL;
if (whole_region->access() == Memory::prot_to_region_access_flags(prot))
return 0;
if (whole_region->vmobject().is_inode()
&& !validate_inode_mmap_prot(*this, prot, static_cast<Memory::InodeVMObject const&>(whole_region->vmobject()).inode(), whole_region->is_shared())) {
return EACCES;
}
Reported by FlawFinder.
Line: 342
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return EPERM;
if (!validate_mmap_prot(prot, old_region->is_stack(), old_region->vmobject().is_anonymous(), old_region))
return EINVAL;
if (old_region->access() == Memory::prot_to_region_access_flags(prot))
return 0;
if (old_region->vmobject().is_inode()
&& !validate_inode_mmap_prot(*this, prot, static_cast<Memory::InodeVMObject const&>(old_region->vmobject()).inode(), old_region->is_shared())) {
return EACCES;
}
Reported by FlawFinder.
Line: 388
Column: 25
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
return EPERM;
if (!validate_mmap_prot(prot, region->is_stack(), region->vmobject().is_anonymous(), region))
return EINVAL;
if (region->access() == Memory::prot_to_region_access_flags(prot))
return 0;
if (region->vmobject().is_inode()
&& !validate_inode_mmap_prot(*this, prot, static_cast<Memory::InodeVMObject const&>(region->vmobject()).inode(), region->is_shared())) {
return EACCES;
}
Reported by FlawFinder.
Line: 563
Column: 65
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
if (old_region->vmobject().is_shared_inode() && params.flags & MAP_PRIVATE && !(params.flags & (MAP_ANONYMOUS | MAP_NORESERVE))) {
auto range = old_region->range();
auto old_prot = region_access_flags_to_prot(old_region->access());
auto old_offset = old_region->offset_in_vmobject();
NonnullRefPtr inode = static_cast<Memory::SharedInodeVMObject&>(old_region->vmobject()).inode();
auto new_vmobject = Memory::PrivateInodeVMObject::try_create_with_inode(inode);
if (!new_vmobject)
Reported by FlawFinder.
Tests/Kernel/stress-writeread.cpp
4 issues
Line: 32
Column: 5
CWE codes:
327
Suggestion:
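Use a more secure technique for acquiring random values (Triage note: in the snippet, srand() is seeded from the seed and the block number, and rand() regenerates the byte pattern that the verify pass compares against. The generator produces reproducible test data, not secrets, and an unpredictable source would break that comparison.)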
fprintf(stderr, "Failure to read block %" PRIi64 ": %s\n", block, strerror(errno));
return false;
}
srand((seed + 1) * (block + 1));
for (size_t i = 0; i < buffer.size(); i++) {
if (buffer[i] != rand() % 256) {
fprintf(stderr, "Discrepancy detected at block %" PRIi64 " offset %zd\n", block, i);
return false;
}
Reported by FlawFinder.
Line: 50
Column: 5
CWE codes:
327
Suggestion:
Use a more secure technique for acquiring random values
fprintf(stderr, "Couldn't seek to block %" PRIi64 " (offset %" PRIi64 ") while verifying: %s\n", block, offset, strerror(errno));
return false;
}
srand((seed + 1) * (block + 1));
for (size_t i = 0; i < buffer.size(); i++)
buffer[i] = rand();
auto rw = write(fd, buffer.data(), buffer.size());
if (rw != static_cast<int>(buffer.size())) {
fprintf(stderr, "Failure to write block %" PRIi64 ": %s\n", block, strerror(errno));
Reported by FlawFinder.
Line: 89
Column: 14
CWE codes:
362
auto buffer = AK::ByteBuffer::create_zeroed(block_size);
int fd = open(target, O_CREAT | O_RDWR, 0666);
if (fd < 0) {
perror("Couldn't create target file");
return EXIT_FAILURE;
}
Reported by FlawFinder.
Line: 27
Column: 15
CWE codes:
120
20
fprintf(stderr, "Couldn't seek to block %" PRIi64 " (offset %" PRIi64 ") while verifying: %s\n", block, offset, strerror(errno));
return false;
}
auto rw = read(fd, buffer.data(), buffer.size());
if (rw != static_cast<int>(buffer.size())) {
fprintf(stderr, "Failure to read block %" PRIi64 ": %s\n", block, strerror(errno));
return false;
}
srand((seed + 1) * (block + 1));
Reported by FlawFinder.
Kernel/Syscalls/chown.cpp
4 issues
Line: 15
Column: 21
CWE codes:
362
Suggestion:
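Use fchown( ) instead (Triage note: this file is the kernel's own implementation of the fchown and chown system calls. The `chown` tokens in the snippets are the `REQUIRE_PROMISE(chown)` promise name and internal `chown` methods, so the advice applies to userland callers choosing between the two calls rather than to this code.)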
// fchown system call: changes the owner and group of the file behind an already-open descriptor.
// The call is gated by REQUIRE_PROMISE(chown). The ownership change is applied through the file
// description looked up from `fd`, so no path is resolved on these lines.
// Returns EBADF when `fd` has no file description, otherwise the result of the description's chown().
KResultOr<FlatPtr> Process::sys$fchown(int fd, uid_t uid, gid_t gid)
{
    VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
    REQUIRE_PROMISE(chown);

    auto open_description = fds().file_description(fd);
    if (open_description)
        return open_description->chown(uid, gid);
    return EBADF;
}
Reported by FlawFinder.
Line: 19
Column: 25
CWE codes:
362
Suggestion:
Use fchown( ) instead
auto description = fds().file_description(fd);
if (!description)
return EBADF;
return description->chown(uid, gid);
}
KResultOr<FlatPtr> Process::sys$chown(Userspace<const Syscall::SC_chown_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
Reported by FlawFinder.
Line: 25
Column: 21
CWE codes:
362
Suggestion:
Use fchown( ) instead
KResultOr<FlatPtr> Process::sys$chown(Userspace<const Syscall::SC_chown_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
REQUIRE_PROMISE(chown);
Syscall::SC_chown_params params;
if (!copy_from_user(&params, user_params))
return EFAULT;
auto path = get_syscall_path_argument(params.path);
if (path.is_error())
Reported by FlawFinder.
Line: 32
Column: 37
CWE codes:
362
Suggestion:
Use fchown( ) instead
auto path = get_syscall_path_argument(params.path);
if (path.is_error())
return path.error();
return VirtualFileSystem::the().chown(path.value()->view(), params.uid, params.gid, current_directory());
}
}
Reported by FlawFinder.
Userland/Libraries/LibSQL/Value.cpp
4 issues
Line: 207
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
// Deserializes a text value: reads an int length prefix (raw bytes), then the character data,
// and advances `at_offset` past both.
// NOTE(review): the destination `len` is exactly sizeof(int), so the memcpy cannot overrun it; what
// these lines do not show is a check that `buffer` still holds the bytes being read at `at_offset`.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    int len;
    // at_offset is narrowed from size_t to int for offset_pointer().
    memcpy(&len, buffer.offset_pointer((int)at_offset), sizeof(int));
    at_offset += sizeof(int);
    // NOTE(review): `len` is not used after being read. The String is built from a C string, so
    // its length comes from the first NUL byte at this offset, not from the stored prefix; data
    // without a NUL inside the field would be read past its end. Confirm the input is trusted.
    m_impl = String((const char*)buffer.offset_pointer((int)at_offset));
    // Fixed stride; presumably the serializer always writes a 64-byte field. Confirm.
    at_offset += 64;
};
Reported by FlawFinder.
Line: 214
Column: 9
CWE codes:
119
120
Suggestion:
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length
};
m_serialize = [&](ByteBuffer& buffer) {
char zeroes[64];
int len = min((int)m_impl.get<String>().length(), 63);
buffer.append(&len, sizeof(int));
buffer.append(m_impl.get<String>().characters(), len);
memset(zeroes, 0, 64);
Reported by FlawFinder.
Line: 286
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m_size = []() { return sizeof(int); };
// Copies sizeof(int) raw bytes from `buffer` at `at_offset` into the stored int, then advances the offset.
// NOTE(review): the destination is an int, so the copy cannot overrun it. These lines do not show
// a check that `buffer` holds sizeof(int) bytes at `at_offset`, and the offset is narrowed from
// size_t to int for offset_pointer(). Confirm the caller guarantees both.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    memcpy(m_impl.get_pointer<int>(), buffer.offset_pointer((int)at_offset), sizeof(int));
    at_offset += sizeof(int);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<int>(), sizeof(int));
Reported by FlawFinder.
Line: 353
Column: 9
CWE codes:
120
Suggestion:
Make sure destination can always hold the source data
m_size = []() { return sizeof(double); };
// Copies sizeof(double) raw bytes from `buffer` at `at_offset` into the stored double, then advances the offset.
// NOTE(review): the destination is a double, so the copy cannot overrun it. These lines do not
// show a check that `buffer` holds sizeof(double) bytes at `at_offset`, and the offset is narrowed
// from size_t to int for offset_pointer(). Confirm the caller guarantees both.
m_deserialize = [&](ByteBuffer& buffer, size_t& at_offset) {
    memcpy(m_impl.get_pointer<double>(), buffer.offset_pointer((int)at_offset), sizeof(double));
    at_offset += sizeof(double);
};
m_serialize = [&](ByteBuffer& buffer) {
buffer.append(m_impl.get_pointer<double>(), sizeof(double));
Reported by FlawFinder.
Userland/Services/WebServer/Client.cpp
4 issues
Line: 161
CWE codes:
908
if (response.unreliable_eof() && size == 0)
break;
m_socket->write({ buffer, size });
} while (true);
}
void Client::send_redirect(StringView redirect_path, HTTP::HttpRequest const& request)
{
Reported by Cppcheck.
Line: 124
Column: 16
CWE codes:
362
}
auto file = Core::File::construct(real_path);
if (!file->open(Core::OpenMode::ReadOnly)) {
send_error_response(404, request);
return;
}
if (file->is_device()) {
Reported by FlawFinder.
Line: 155
Column: 5
CWE codes:
119
120
Suggestion:
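Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length (Triage note: in the snippets for this file, the read into `buffer` is limited to `sizeof(buffer)` and the following write uses the returned `size`, so the fixed-size array is not overrun on the visible lines.)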
m_socket->write(builder.to_string());
log_response(200, request);
char buffer[PAGE_SIZE];
do {
auto size = response.read({ buffer, sizeof(buffer) });
if (response.unreliable_eof() && size == 0)
break;
Reported by FlawFinder.
Line: 157
Column: 30
CWE codes:
120
20
char buffer[PAGE_SIZE];
do {
auto size = response.read({ buffer, sizeof(buffer) });
if (response.unreliable_eof() && size == 0)
break;
m_socket->write({ buffer, size });
} while (true);
Reported by FlawFinder.
Userland/Libraries/LibCore/DirIterator.cpp
3 issues
Line: 91
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
String find_executable_in_path(String filename)
{
if (filename.starts_with('/')) {
if (access(filename.characters(), X_OK) == 0)
return filename;
return {};
}
Reported by FlawFinder.
Line: 100
Column: 13
CWE codes:
362/367!
Suggestion:
Set up the correct permissions (e.g., using setuid()) and try to open the file directly
for (auto directory : String { getenv("PATH") }.split(':')) {
auto fullpath = String::formatted("{}/{}", directory, filename);
if (access(fullpath.characters(), X_OK) == 0)
return fullpath;
}
return {};
}
Reported by FlawFinder.
Line: 97
Column: 36
CWE codes:
807
20
Suggestion:
Check environment variables carefully before using them
return {};
}
for (auto directory : String { getenv("PATH") }.split(':')) {
auto fullpath = String::formatted("{}/{}", directory, filename);
if (access(fullpath.characters(), X_OK) == 0)
return fullpath;
}
Reported by FlawFinder.