The following issues were found:

Kernel/Net/NetworkTask.cpp
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 263 Column: 13 CWE codes: 120
Suggestion: Make sure the destination can always hold the source data. In the quoted snippet the copy length is computed as `icmp_packet_size - sizeof(ICMPEchoPacket)` in size_t arithmetic, so the check that `icmp_packet_size` is at least `sizeof(ICMPEchoPacket)` (which is outside this excerpt) and the size of the response packet buffer are what decide whether the memcpy is in bounds; confirm both when reviewing.

                      response.identifier = request.identifier;
        response.sequence_number = request.sequence_number;
        if (size_t icmp_payload_size = icmp_packet_size - sizeof(ICMPEchoPacket))
            memcpy(response.payload(), request.payload(), icmp_payload_size);
        response.header.set_checksum(internet_checksum(&response, icmp_packet_size));
        // FIXME: What is the right TTL value here? Is 64 ok? Should we use the same TTL as the echo request?
        adapter->send_packet(packet->bytes());
        adapter->release_packet_buffer(*packet);
    }

            

Reported by FlawFinder.

Userland/Libraries/LibTest/JavaScriptTestRunner.h
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 200 Column: 25 CWE codes: 362

              inline AK::Result<NonnullRefPtr<JS::Program>, ParserError> parse_file(const String& file_path, JS::Program::Type program_type = JS::Program::Type::Script)
{
    auto file = Core::File::construct(file_path);
    auto result = file->open(Core::OpenMode::ReadOnly);
    if (!result) {
        warnln("Failed to open the following file: \"{}\"", file_path);
        cleanup_and_exit();
    }


            

Reported by FlawFinder.

Kernel/Net/E1000NetworkAdapter.cpp
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 431 Column: 5 CWE codes: 120
Suggestion: Make sure the destination can always hold the source data. The quoted snippet already bounds the copy with `VERIFY(payload.size() <= 8192)` immediately before the memcpy; the size of each `m_tx_buffers` entry is not visible in the excerpt, so confirm it is at least 8192 bytes.

                  auto& descriptor = tx_descriptors[tx_current];
    VERIFY(payload.size() <= 8192);
    auto* vptr = (void*)m_tx_buffers[tx_current];
    memcpy(vptr, payload.data(), payload.size());
    descriptor.length = payload.size();
    descriptor.status = 0;
    descriptor.cmd = CMD_EOP | CMD_IFCS | CMD_RS;
    dbgln_if(E1000_DEBUG, "E1000: Using tx descriptor {} (head is at {})", tx_current, in32(REG_TXDESCHEAD));
    tx_current = (tx_current + 1) % number_of_tx_descriptors;

            

Reported by FlawFinder.

Userland/Libraries/LibTest/TestSuite.cpp
1 issues
getenv - Environment variables are untrusted input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once.
Security

Line: 58 Column: 26 CWE codes: 807 20
Suggestion: Check environment variables carefully before using them. In the quoted snippet the value of `TESTS_ONLY` is only tested for presence (`!= nullptr`) and never read, so its content and length do not reach the program.

              
    Core::ArgsParser args_parser;

    bool do_tests_only = getenv("TESTS_ONLY") != nullptr;
    bool do_benchmarks_only = false;
    bool do_list_cases = false;
    const char* search_string = "*";

    args_parser.add_option(do_tests_only, "Only run tests.", "tests", 0);

            

Reported by FlawFinder.

Userland/Libraries/LibUSBDB/Database.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 15 Column: 28 CWE codes: 362

              
namespace USBDB {

RefPtr<Database> Database::open(const String& filename)
{
    auto file_or_error = MappedFile::map(filename);
    if (file_or_error.is_error())
        return nullptr;
    auto res = adopt_ref(*new Database(file_or_error.release_value()));

            

Reported by FlawFinder.

Kernel/Memory/TypedMapping.h
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 31 Column: 85 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Note that in the quoted snippet `access` is a function argument forwarded to `MM.allocate_kernel_region(...)` rather than a call to the libc `access()`, so this looks like a name-match false positive; confirm against the enclosing function's signature, which is outside the excerpt.

              {
    TypedMapping<T> table;
    size_t mapping_length = page_round_up(paddr.offset_in_page() + length);
    table.region = MM.allocate_kernel_region(paddr.page_base(), mapping_length, {}, access);
    table.offset = paddr.offset_in_page();
    return table;
}

template<typename T>

            

Reported by FlawFinder.

Userland/Libraries/LibUnicode/CodeGenerators/GenerateUnicodeData.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 1022 Column: 42 CWE codes: 362

                          exit(1);
        }

        auto file_or_error = Core::File::open(path, mode);
        if (file_or_error.is_error()) {
            warnln("Failed to open {}: {}", path, file_or_error.release_error());
            exit(1);
        }


            

Reported by FlawFinder.

Kernel/Memory/RingBuffer.cpp
1 issues
read - Check buffer boundaries if used in a loop including recursive loops
Security

Line: 25 Column: 16 CWE codes: 120 20

                  bytes_copied = min(m_capacity_in_bytes - m_num_used_bytes, min(m_capacity_in_bytes - start_of_free_area, length));
    if (bytes_copied == 0)
        return false;
    if (buffer.read(m_region->vaddr().offset(start_of_free_area).as_ptr(), offset, bytes_copied)) {
        m_num_used_bytes += bytes_copied;
        start_of_copied_data = m_region->physical_page(start_of_free_area / PAGE_SIZE)->paddr().offset(start_of_free_area % PAGE_SIZE);
        return true;
    }
    return false;

            

Reported by FlawFinder.

Userland/Libraries/LibWasm/AbstractMachine/BytecodeInterpreter.cpp
1 issues
failed to expand 'TRAP_IF_NOT', Invalid ## usage when expanding 'TRAP_IF_NOT'. The analyzer's preprocessor rejects the `#x##sv` token paste in the macro body (stringizing the argument and pasting the `sv` literal suffix); if the project builds this macro with its normal compiler, treat this as an analyzer limitation rather than a code defect.
Error

Line: 17

              
namespace Wasm {

#define TRAP_IF_NOT(x)                                                                         \
    do {                                                                                       \
        if (trap_if_not(x, #x##sv)) {                                                          \
            dbgln_if(WASM_TRACE_DEBUG, "Trapped because {} failed, at line {}", #x, __LINE__); \
            return;                                                                            \
        }                                                                                      \

            

Reported by Cppcheck.

Userland/Utilities/rev.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 32 Column: 46 CWE codes: 362

                      files.append(Core::File::standard_input());
    } else {
        for (auto const& path : paths) {
            auto file_or_error = Core::File::open(path, Core::OpenMode::ReadOnly);
            if (file_or_error.is_error()) {
                warnln("Failed to open {}: {}", path, file_or_error.error());
                continue;
            }


            

Reported by FlawFinder.