The following issues were found

Userland/Applications/3DFileViewer/main.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 194 Column: 16 CWE codes: 362

        return false;
    }

    if (!file->open(Core::OpenMode::ReadOnly) && file->error() != ENOENT) {
        GUI::MessageBox::show(window(), String::formatted("Opening \"{}\" failed: {}", filename, strerror(errno)), "Error", GUI::MessageBox::Type::Error);
        return false;
    }

    if (file->is_device()) {

            

Reported by FlawFinder.

Userland/Libraries/LibC/ulimit.cpp
1 issue
ulimit - This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete)
Security

Line: 14 Column: 6 CWE codes: 676
Suggestion: Use getrlimit(2), setrlimit(2), and sysconf(3) instead

              
extern "C" {

long ulimit([[maybe_unused]] int cmd, [[maybe_unused]] long newlimit)
{
    dbgln("FIXME: Implement getrusage()");
    TODO();
    return -1;
}

            

Reported by FlawFinder.

Userland/Libraries/LibC/ulimit.h
1 issue
ulimit - This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete)
Security

Line: 13 Column: 6 CWE codes: 676
Suggestion: Use getrlimit(2), setrlimit(2), and sysconf(3) instead

              
__BEGIN_DECLS

long ulimit(int cmd, long newlimit);

__END_DECLS

            

Reported by FlawFinder.

Userland/Applets/ResourceGraph/main.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 153 Column: 32 CWE codes: 362

            return false;
        } else {
            auto proc_memstat = Core::File::construct("/proc/memstat");
            if (!proc_memstat->open(Core::OpenMode::ReadOnly))
                return false;
            m_proc_mem = move(proc_memstat);
        }

        auto file_contents = m_proc_mem->read_all();

            

Reported by FlawFinder.

Userland/Applets/Network/main.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 111 Column: 20 CWE codes: 362

        StringBuilder adapter_info;

        auto file = Core::File::construct("/proc/net/adapters");
        if (!file->open(Core::OpenMode::ReadOnly)) {
            dbgln("Error: Could not open {}: {}", file->name(), file->error_string());
            return adapter_info.to_string();
        }

        auto file_contents = file->read_all();

            

Reported by FlawFinder.

Userland/Libraries/LibC/utime.cpp
1 issue
strlen - Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected)
Security

Line: 20 Column: 42 CWE codes: 126

        errno = EFAULT;
        return -1;
    }
    int rc = syscall(SC_utime, pathname, strlen(pathname), buf);
    __RETURN_WITH_ERRNO(rc, rc, -1);
}
}

            

Reported by FlawFinder.

Tests/UserspaceEmulator/ue-write-oob.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 69 Column: 25 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

              
    if (do_static) {
        // Let's just hope the linker puts nothing after it!
        static unsigned char region[PAGE_SIZE * 10] = { 0 };

        run_test(region, offset, 64);
    } else {
        void* region = mmap(nullptr, size, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0);
        VERIFY(region);

            

Reported by FlawFinder.

Tests/UserspaceEmulator/test-run-ls.cpp
1 issue
system - This causes a new program to execute and is difficult to use safely
Security

Line: 9 Column: 21 CWE codes: 78
Suggestion: try using a library call that implements the same functionality if available

              
#include <stdlib.h>

int main() { return system("UserspaceEmulator ls"); }

            

Reported by FlawFinder.

Tests/LibWeb/TestHTMLTokenizer.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 204 Column: 29 CWE codes: 362

//       If that changes, or something is added to the test HTML, the hash needs to be adjusted.
TEST_CASE(regression)
{
    auto file = Core::File::open("/usr/Tests/LibWeb/tokenizer-test.html", Core::OpenMode::ReadOnly);
    VERIFY(!file.is_error());
    auto file_contents = file.value()->read_all();
    auto tokens = run_tokenizer(file_contents);
    u32 hash = hash_tokens(tokens);
    EXPECT_EQ(hash, 2203864459u);

            

Reported by FlawFinder.

Userland/Utilities/lsof.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 66 Column: 29 CWE codes: 362

              
static Vector<OpenFile> get_open_files_by_pid(pid_t pid)
{
    auto file = Core::File::open(String::formatted("/proc/{}/fds", pid), Core::OpenMode::ReadOnly);
    if (file.is_error()) {
        outln("lsof: PID {}: {}", pid, file.error());
        return Vector<OpenFile>();
    }
    auto data = file.value()->read_all();

            

Reported by FlawFinder.