The following issues were found

Userland/Libraries/LibWasm/Printer/Printer.cpp
1 issues
Syntax Error: AST broken, 'if' doesn't have two operands.
Error

Line: 635 

              {
    print_indent();
    print("{} ", value.value().visit([&]<typename T>(T const& value) {
        if constexpr (IsSame<Wasm::Reference, T>)
            return String::formatted(
                "addr({})",
                value.ref().visit(
                    [](Wasm::Reference::Null const&) { return String("null"); },
                    [](auto const& ref) { return String::number(ref.address.value()); }));

Reported by Cppcheck.

Kernel/Memory/AddressSpace.cpp
1 issues
access - This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition
Security

Line: 153 Column: 119 CWE codes: 362/367!
Suggestion: Set up the correct permissions (e.g., using setuid()) and try to open the file directly 

              KResultOr<Region*> AddressSpace::try_allocate_split_region(Region const& source_region, VirtualRange const& range, size_t offset_in_vmobject)
{
    auto maybe_new_region = Region::try_create_user_accessible(
        range, source_region.vmobject(), offset_in_vmobject, KString::try_create(source_region.name()), source_region.access(), source_region.is_cacheable() ? Region::Cacheable::Yes : Region::Cacheable::No, source_region.is_shared());
    if (maybe_new_region.is_error())
        return maybe_new_region.error();
    auto* region = add_region(maybe_new_region.release_value());
    if (!region)
        return ENOMEM;

Reported by FlawFinder.

Userland/Libraries/LibWeb/Bindings/LocationObject.cpp
1 issues
syntax error
Error

Line: 41 

              {
}

JS_DEFINE_NATIVE_FUNCTION(LocationObject::href_getter)
{
    auto& window = static_cast<WindowObject&>(global_object);
    return JS::js_string(vm, window.impl().document().url().to_string());
}

Reported by Cppcheck.

Userland/Libraries/LibWeb/Bindings/NavigatorObject.cpp
1 issues
syntax error
Error

Line: 43 

              {
}

JS_DEFINE_NATIVE_FUNCTION(NavigatorObject::user_agent_getter)
{
    return JS::js_string(vm, ResourceLoader::the().user_agent());
}

}

Reported by Cppcheck.

Userland/Libraries/LibWeb/Bindings/WindowObject.cpp
1 issues
syntax error
Error

Line: 126 

                  return &static_cast<WindowObject*>(this_object)->impl();
}

JS_DEFINE_NATIVE_FUNCTION(WindowObject::alert)
{
    // https://html.spec.whatwg.org/multipage/timers-and-user-prompts.html#simple-dialogs
    // Note: This method is defined using two overloads, instead of using an optional argument,
    //       for historical reasons. The practical impact of this is that alert(undefined) is
    //       treated as alert("undefined"), but alert() is treated as alert("").

Reported by Cppcheck.

Kernel/Bus/USB/USBDevice.cpp
1 issues
memcpy - Does not check for buffer overflows when copying to destination
Security

Line: 142 Column: 5 CWE codes: 120
Suggestion: Make sure destination can always hold the source data 

              
    dbgln_if(USB_DEBUG, "USB Device: Set address to {}", m_address);

    memcpy(&m_device_descriptor, &dev_descriptor, sizeof(USBDeviceDescriptor));
    return KSuccess;
}

}

Reported by FlawFinder.

Userland/Libraries/LibWeb/CodeGenerators/Generate_CSS_PropertyID_cpp.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 36 Column: 16 CWE codes: 362 

                      return 1;
    }
    auto file = Core::File::construct(argv[1]);
    if (!file->open(Core::OpenMode::ReadOnly))
        return 1;

    auto json = JsonValue::from_string(file->read_all());
    VERIFY(json.has_value());
    VERIFY(json.value().is_object());

Reported by FlawFinder.

Userland/Libraries/LibWeb/CodeGenerators/Generate_CSS_PropertyID_h.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 36 Column: 16 CWE codes: 362 

                      return 1;
    }
    auto file = Core::File::construct(argv[1]);
    if (!file->open(Core::OpenMode::ReadOnly))
        return 1;

    auto json = JsonValue::from_string(file->read_all());
    VERIFY(json.has_value());
    VERIFY(json.value().is_object());

Reported by FlawFinder.

Userland/Libraries/LibWeb/CodeGenerators/Generate_CSS_ValueID_cpp.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 36 Column: 16 CWE codes: 362 

                      return 1;
    }
    auto file = Core::File::construct(argv[1]);
    if (!file->open(Core::OpenMode::ReadOnly))
        return 1;

    auto json = JsonValue::from_string(file->read_all());
    VERIFY(json.has_value());
    VERIFY(json.value().is_array());

Reported by FlawFinder.

Userland/Libraries/LibWeb/CodeGenerators/Generate_CSS_ValueID_h.cpp
1 issues
open - Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
Security

Line: 36 Column: 16 CWE codes: 362 

                      return 1;
    }
    auto file = Core::File::construct(argv[1]);
    if (!file->open(Core::OpenMode::ReadOnly))
        return 1;

    auto json = JsonValue::from_string(file->read_all());
    VERIFY(json.has_value());
    VERIFY(json.value().is_array());

Reported by FlawFinder.