The following issues were found

Userland/Libraries/LibCards/Card.h
2 issues
There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 21 

              namespace Cards {

class Card final : public Core::Object {
    C_OBJECT(Card)
public:
    static constexpr int width = 80;
    static constexpr int height = 100;
    static constexpr int card_count = 13;
    static constexpr int card_radius = 5;

Reported by Cppcheck.

There is an unknown macro here somewhere. Configuration is required. If C_OBJECT is a macro then please configure it.
Error

Line: 21 

              namespace Cards {

class Card final : public Core::Object {
    C_OBJECT(Card)
public:
    static constexpr int width = 80;
    static constexpr int height = 100;
    static constexpr int card_count = 13;
    static constexpr int card_radius = 5;

Reported by Cppcheck.

Userland/Applications/Assistant/Providers.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 47 Column: 24 CWE codes: 362 

              
void FileResult::activate() const
{
    Desktop::Launcher::open(URL::create_with_file_protocol(title()));
}

void TerminalResult::activate() const
{
    pid_t pid;

Reported by FlawFinder.

open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 65 Column: 24 CWE codes: 362 

              
void URLResult::activate() const
{
    Desktop::Launcher::open(URL::create_with_url_or_path(title()));
}

void AppProvider::query(String const& query, Function<void(NonnullRefPtrVector<Result>)> on_complete)
{
    if (query.starts_with("=") || query.starts_with('$'))

Reported by FlawFinder.

Userland/Libraries/LibC/sys/mman.cpp
2 issues
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 18 Column: 112 CWE codes: 126 

              
void* serenity_mmap(void* addr, size_t size, int prot, int flags, int fd, off_t offset, size_t alignment, const char* name)
{
    Syscall::SC_mmap_params params { (uintptr_t)addr, size, alignment, prot, flags, fd, offset, { name, name ? strlen(name) : 0 } };
    ptrdiff_t rc = syscall(SC_mmap, &params);
    if (rc < 0 && rc > -EMAXERRNO) {
        errno = -rc;
        return MAP_FAILED;
    }

Reported by FlawFinder.

strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 66 Column: 67 CWE codes: 126 

                      errno = EFAULT;
        return -1;
    }
    Syscall::SC_set_mmap_name_params params { addr, size, { name, strlen(name) } };
    int rc = syscall(SC_set_mmap_name, &params);
    __RETURN_WITH_ERRNO(rc, rc, -1);
}

int madvise(void* address, size_t size, int advice)

Reported by FlawFinder.

Userland/Libraries/LibC/sys/stat.h
2 issues
chmod - This accepts filename arguments; if an attacker can move those files, a race condition results.
Security

Line: 17 Column: 5 CWE codes: 362
Suggestion: Use fchmod( ) instead 

              __BEGIN_DECLS

mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);
int lstat(const char* path, struct stat* statbuf);

Reported by FlawFinder.

umask - Ensure that umask is given most restrictive possible setting (e.g., 066 or 077)
Security

Line: 16 Column: 8 CWE codes: 732 

              
__BEGIN_DECLS

mode_t umask(mode_t);
int chmod(const char* pathname, mode_t);
int fchmod(int fd, mode_t);
int mkdir(const char* pathname, mode_t);
int mkfifo(const char* pathname, mode_t);
int fstat(int fd, struct stat* statbuf);

Reported by FlawFinder.

Userland/Libraries/LibC/syslog.cpp
2 issues
syslog - If syslog's format strings can be influenced by an attacker, they can be exploited
Security

Line: 103 Column: 6 CWE codes: 134
Suggestion: Use a constant format string for syslog 

                  va_end(ap);
}

void syslog(int priority, const char* message, ...)
{
    va_list ap;
    va_start(ap, message);
    vsyslog_r(priority, &global_log_data, message, ap);
    va_end(ap);

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 34 Column: 8 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

              
// Used when ident is null, since syslog traditionally prints the program's
// own name; the process name will always be the same unless we exec.
static char program_name_buffer[256];
static bool program_name_set = false;

// Convenience function for initialization and checking what string to use
// for the program name.
static const char* get_syslog_ident(struct syslog_data* data)

Reported by FlawFinder.

Userland/Libraries/LibC/shadow.cpp
2 issues
fopen - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 33 Column: 20 CWE codes: 362 

                  if (s_stream) {
        rewind(s_stream);
    } else {
        s_stream = fopen("/etc/shadow", "r");
        if (!s_stream) {
            dbgln("open /etc/shadow failed: {}", strerror(errno));
        }
    }
}

Reported by FlawFinder.

char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 164 Column: 9 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length 

                          return nullptr;
        }

        char buffer[1024];
        ++s_line_number;
        char* s = fgets(buffer, sizeof(buffer), s_stream);

        // Silently tolerate an empty line at the end.
        if ((!s || !s[0]) && feof(s_stream))

Reported by FlawFinder.

Kernel/Memory/PageDirectory.cpp
2 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 133 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  // Clone bottom 2 MiB of mappings from kernel_page_directory
    PageDirectoryEntry buffer;
    auto* kernel_pd = MM.quickmap_pd(MM.kernel_page_directory(), 0);
    memcpy(&buffer, kernel_pd, sizeof(PageDirectoryEntry));
    auto* new_pd = MM.quickmap_pd(*directory, 0);
    memcpy(new_pd, &buffer, sizeof(PageDirectoryEntry));

    cr3_map().set(directory->cr3(), directory.ptr());
    return directory;

Reported by FlawFinder.

memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 135 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

                  auto* kernel_pd = MM.quickmap_pd(MM.kernel_page_directory(), 0);
    memcpy(&buffer, kernel_pd, sizeof(PageDirectoryEntry));
    auto* new_pd = MM.quickmap_pd(*directory, 0);
    memcpy(new_pd, &buffer, sizeof(PageDirectoryEntry));

    cr3_map().set(directory->cr3(), directory.ptr());
    return directory;
}

Reported by FlawFinder.

Tests/LibThreading/TestThread.cpp
2 issues
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 16 Column: 9 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

                  int should_be_42 = 0;

    auto thread = Threading::Thread::construct([&should_be_42]() {
        usleep(10 * 1000);
        should_be_42 = 42;
        return 0;
    });
    thread->start();
    thread->detach();

Reported by FlawFinder.

usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 22 Column: 5 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead 

                  });
    thread->start();
    thread->detach();
    usleep(20 * 1000);

    EXPECT(should_be_42 == 42);
}

TEST_CASE(joining_detached_thread_errors)

Reported by FlawFinder.

Tests/LibTLS/TestTLSHandshake.cpp
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 48 Column: 37 CWE codes: 362 

                      return certificates;
    }

    auto config = Core::ConfigFile::open(ca_certs_filepath);
    auto now = Core::DateTime::now();
    auto last_year = Core::DateTime::create(now.year() - 1);
    auto next_year = Core::DateTime::create(now.year() + 1);
    for (auto& entity : config->groups()) {
        Certificate cert;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 92 Column: 25 CWE codes: 120 20 

                      }
    };
    tls->on_tls_ready_to_read = [&](TLS::TLSv12& tls) {
        auto data = tls.read();
        if (!data.has_value()) {
            FAIL("No data received");
            loop.quit(1);
        } else {
            //            print_buffer(data.value(), 16);

Reported by FlawFinder.

Kernel/Devices/KCOVDevice.h
2 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 26 Column: 47 CWE codes: 362 

              
    // ^File
    KResultOr<Memory::Region*> mmap(Process&, FileDescription&, Memory::VirtualRange const&, u64 offset, int prot, bool shared) override;
    KResultOr<NonnullRefPtr<FileDescription>> open(int options) override;

    // ^Device
    virtual mode_t required_mode() const override { return 0660; }
    virtual String device_name() const override;

Reported by FlawFinder.

read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 38 Column: 31 CWE codes: 120 20 

                  virtual bool can_read(const FileDescription&, size_t) const override final { return true; }
    virtual bool can_write(const FileDescription&, size_t) const override final { return true; }
    virtual void start_request(AsyncBlockDeviceRequest& request) override final { request.complete(AsyncDeviceRequest::Failure); }
    virtual KResultOr<size_t> read(FileDescription&, u64, UserOrKernelBuffer&, size_t) override { return EINVAL; }
    virtual KResultOr<size_t> write(FileDescription&, u64, const UserOrKernelBuffer&, size_t) override { return EINVAL; }
    virtual KResult ioctl(FileDescription&, unsigned request, Userspace<void*> arg) override;

private:
    KCOVDevice();

Reported by FlawFinder.