The following issues were found

Tests/LibCpp/test-cpp-preprocessor.cpp
1 issue
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 21 Column: 31 CWE codes: 362

              
static String read_all(const String& path)
{
    auto result = Core::File::open(path, Core::OpenMode::ReadOnly);
    VERIFY(!result.is_error());
    auto content = result.value()->read_all();
    return { reinterpret_cast<const char*>(content.data()), content.size() };
}


            

Reported by FlawFinder.

Tests/LibCore/TestLibCoreArgsParser.cpp
1 issue
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 19 Column: 9 CWE codes: 120
Suggestion: Make sure destination can always hold the source data

    size_t idx = 0;
    for (auto& argument : arguments) {
        auto char_argument = new char[argument.length() + 1];
        memcpy(char_argument, argument.characters(), argument.length());
        char_argument[argument.length()] = '\0';
        argv[idx++] = char_argument;
    }
    argv[idx++] = nullptr;
    return argv;

            

Reported by FlawFinder.

Tests/LibC/snprintf-correctness.cpp
1 issue
snprintf - If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate
Security

Line: 66 Column: 25 CWE codes: 134
Suggestion: Use a constant for the format specification

    char* dst = reinterpret_cast<char*>(actual.offset_pointer(SANDBOX_CANARY_SIZE));

    // The actual call:
    int actual_return = snprintf(dst, testcase.dest_n, testcase.fmt, testcase.arg);

    // Checking the results:
    bool return_ok = actual_return == testcase.expected_return;
    bool canary_1_ok = actual.slice(0, SANDBOX_CANARY_SIZE) == expected.slice(0, SANDBOX_CANARY_SIZE);
    bool main_ok = actual.slice(SANDBOX_CANARY_SIZE, testcase.dest_n) == expected.slice(SANDBOX_CANARY_SIZE, testcase.dest_n);

            

Reported by FlawFinder.

Tests/LibC/memmem-tests.cpp
1 issue
printf - If format strings can be influenced by an attacker, they can be exploited
Security

Line: 49 Column: 5 CWE codes: 134
Suggestion: Use a constant for the format specification

        ++i;
    }

    printf(failed ? "FAIL\n" : "PASS\n");
    return failed ? 1 : 0;
}

            

Reported by FlawFinder.

Tests/LibC/TestStackSmash.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 24 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

// Note: Needs to be 'noinline' so stack canary isn't optimized out.
static void __attribute__((noinline)) stack_to_smash()
{
    char string[8] = {};
    smasher(string);
}

TEST_CASE(stack_smash)
{

            

Reported by FlawFinder.

Tests/LibC/TestLibCString.cpp
1 issue
char - Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues
Security

Line: 15 Column: 5 CWE codes: 119 120
Suggestion: Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length

{
    EXPECT_EQ(strerror_r(1000, nullptr, 0), EINVAL);
    EXPECT_EQ(strerror_r(EFAULT, nullptr, 0), ERANGE);
    char buf[64];
    EXPECT_EQ(strerror_r(EFAULT, buf, sizeof(buf)), 0);
    EXPECT_EQ(strcmp(buf, "Bad address"), 0);
}

            

Reported by FlawFinder.

Userland/Libraries/LibCore/FileWatcher.cpp
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 30 Column: 14 CWE codes: 120 20

static Optional<FileWatcherEvent> get_event_from_fd(int fd, HashMap<unsigned, String> const& wd_to_path)
{
    u8 buffer[MAXIMUM_EVENT_SIZE];
    int rc = read(fd, &buffer, MAXIMUM_EVENT_SIZE);
    if (rc == 0) {
        return {};
    } else if (rc < 0) {
        dbgln_if(FILE_WATCHER_DEBUG, "get_event_from_fd: Reading from wd {} failed: {}", fd, strerror(errno));
        return {};

            

Reported by FlawFinder.

Tests/LibC/TestLibCInodeWatcher.cpp
1 issue
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 23 Column: 14 CWE codes: 120 20

              
static int read_event(int fd)
{
    int rc = read(fd, &buffer, MAXIMUM_EVENT_SIZE);
    return rc;
}

static String get_event_name()
{

            

Reported by FlawFinder.

Tests/Kernel/kill-pidtid-confusion.cpp
1 issue
usleep - This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified
Security

Line: 67 Column: 20 CWE codes: 676
Suggestion: Use nanosleep(2) or setitimer(2) instead

              
static void sleep_steps(useconds_t steps)
{
    const int rc = usleep(steps * STEP_SIZE);
    if (rc < 0) {
        perror("usleep");
        VERIFY_NOT_REACHED();
    }
}

            

Reported by FlawFinder.

Userland/Libraries/LibCore/LocalSocket.cpp
1 issue
getenv - Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once
Security

Line: 89 Column: 27 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them

    VERIFY(!s_overtaken_sockets_parsed);

    constexpr auto socket_takeover = "SOCKET_TAKEOVER";
    const char* sockets = getenv(socket_takeover);
    if (!sockets) {
        s_overtaken_sockets_parsed = true;
        return;
    }


            

Reported by FlawFinder.